
Anti-malware software targeted legitimate Windows files

Security vendor Malwarebytes crippled thousands of computers around the world after it released a faulty update to its software. The update marked legitimate system files as malware.

The company admitted to the problem on its official blog earlier this week and has since pulled the faulty update.

"At around 3PM PST yesterday [Tuesday] Malwarebytes released a definitions update that disabled thousands of computers worldwide," wrote Malwarebytes’ Marcin Kleczynski.

"Within eight minutes, the update was pulled from our servers. Immediately thereafter, users flocked to our support helpdesk and forums to ask us for a fix."

The operating system files that the faulty update targeted included Windows .dll and .exe files. By flagging those files, the security application prevented them from running, taking IT systems and individual computers off-line.

One company that uses the software claims that the update knocked 80% of its servers off-line. Malwarebytes maintains that it has begun reworking its update policy to ensure this sort of mistake never happens again.

"We acted over-zealously in that mission and realise far superior procedures around updating are needed. More was expected of us, and we failed," wrote Kleczynski.

"We are commissioning several new resources to stop this from happening again. We are building more redundancy to check our researchers' work and improving our peer review."

Source: V3



Comments

Effective but risky ...
By max_payne on 4/18/2013 12:12:12 PM , Rating: 2
Malwarebytes has mostly been effective at cleaning up malware but, as I warn my customers, it has to be used very carefully. It sometimes flags valid files as infected, so it's easy to break your system. It is better left to be used by knowledgeable people. And as usual: backup, backup, backup.




RE: Effective but risky ...
By ShaolinSoccer on 4/18/2013 12:19:37 PM , Rating: 2
It's not just Malwarebytes. I have seen this same thing happen with AVG and Avast. I'm sure it has happened on other anti-virus programs, too.


RE: Effective but risky ...
By Motoman on 4/18/2013 12:26:20 PM , Rating: 3
History has proven the worst for the big traditional brand names, like Norton and McAfee.

This is the first such issue I've ever heard of for Malwarebytes. And compared to the massive cockups of Norton & McAfee, from the sounds of this issue it's kind of a rounding error.


RE: Effective but risky ...
By Mitch101 on 4/18/2013 1:00:06 PM , Rating: 2
In McAfee's case I've seen it flag its own virus definition updates as infected.

I just bought several copies of Malwarebytes and think I'll wait till this weekend to install so they get it ironed out.

This happens to every vendor, but thanks for the article. DT may have saved me 3 rebuilds, but I'll image them before I install just to be sure.


RE: Effective but risky ...
By RjBass on 4/18/2013 1:37:00 PM , Rating: 3
Not knowing about this, I downloaded, installed and updated Malwarebytes on a co-worker's computer today. Had to run a scan for something she got into a week ago. She is a kindergarten teacher and about once an hour her computer would erupt into music and explicit conversations, much to the amusement and dismay of her students.

Malwarebytes did just fine, and didn't cripple anything, and now her computer is free from the problem. So that being the case, I can only assume the latest update is ok for use.


RE: Effective but risky ...
By random2 on 4/24/2013 10:03:52 PM , Rating: 2
This is one of the reasons I try to remove this piece of malware (McAfee) from PCs every chance I get. That and any Norton/Symantec product. System speed up is immediately apparent when these invasive, resource hungry programs are flushed.


RE: Effective but risky ...
By Motoman on 4/18/2013 7:59:07 PM , Rating: 2
Oh look, the children are downrating me again for pointing out reality. As they frequently do.

Spend 2 seconds on Google to find this stuff from just a couple years ago:

http://www.zdnet.com/blog/bott/defective-mcafee-up...

With a flick of a switch, metaphorically speaking, McAfee (and Symantec and Norton) have in the past, more than once, effectively bricked hundreds of thousands of computers worldwide, and brought many corporations to their knees.

Sure...AVG, Avast, and now Malwarebytes have all had problems too. But nothing on the scale of what the "big guys" have done.

I'll note that I also became a non-fan of Microsoft Security Essentials a while ago - for a long time I'd been happily recommending and installing it on people's PCs. But on at least 3 computers now I've seen MSE absolutely borked by malware to the point where you can't really ever make it work again.

So...I went back to AVG as the primary recommendation. With the free version of Malwarebytes for an additional manual scan once in a while.


RE: Effective but risky ...
By marvdmartian on 4/18/2013 2:13:06 PM , Rating: 2
Funny, I took Malwarebytes free trial off my computer early this week, as I was getting tired of how slowly it loaded upon start-up, which was preventing anything else from going, until it was up & running.

Makes me glad I did! Until I can look into how to speed up initial loading, and how to create exceptions to automatically blocked sites that I trust, I won't bother with it.


RE: Effective but risky ...
By 7Enigma on 4/19/2013 11:00:40 AM , Rating: 2
You need an SSD. :)


RE: Effective but risky ...
By bodar on 4/19/2013 4:40:48 AM , Rating: 3
Good advice. The problem here was that users were not even running scans, yet DLLs and EXEs were getting hosed. At my office, we have the Enterprise Edition with real-time protection, and the affected PCs appeared to be compromised by malware, when it was in fact MBAM. Applications would freeze or were unable to launch. The main security suite was inoperable. So naturally, I tried to scan with MBAM and lo and behold, 2000+ "infected" files on one PC, all with the same Trojan. WTF? So I took a closer look and saw all the system files and even MBAM core files. Obviously something was fishy, so I canceled out, hit up the web and found the support threads showing the problem. But in a way, it was a self-fulfilling prophecy. In our case at least, the program broke the system in a manner that just screamed "malware", so I can see how people could run headfirst into more trouble, and blindly trust that the anti-malware software knew what it was doing.

Luckily, the company's fix tool worked on most users (those who couldn't even run System Restore) and de-quarantined the affected files, but some required repair installs of Windows. No idea if we'll bother renewing our licenses next year. Kinda sad, considering it's been so good thus far.


Servers?
By Samus on 4/18/2013 11:31:23 AM , Rating: 5
Who the hell runs Malwarebytes on a Server?




RE: Servers?
By Ristogod on 4/18/2013 12:04:30 PM , Rating: 3
Joe


RE: Servers?
By NellyFromMA on 4/18/2013 12:37:13 PM , Rating: 2
My thoughts exactly..


RE: Servers?
By Ammohunt on 4/18/13, Rating: 0
RE: Servers?
By Motoman on 4/18/2013 8:00:28 PM , Rating: 1
Yup. A better question might be "who asks such a stupid question?" And the answer would be someone who hasn't worked in IT for more than five minutes.


RE: Servers?
By lagomorpha on 4/22/2013 3:26:20 PM , Rating: 2
The BOFH could probably think of a reason...


Still great software
By Ammohunt on 4/18/2013 11:30:52 AM , Rating: 2
I had a hard lock on my machine yesterday which was strange; I wonder if that's how this problem manifested itself.




RE: Still great software
By Yojimbo on 4/18/2013 2:13:20 PM , Rating: 2
It flagged various critical Windows DLLs (as well as Yahoo Messenger, some Norton stuff) as malware and quarantined them. It happened to me.


RE: Still great software
By m_comp on 4/18/2013 4:46:38 PM , Rating: 2
My brother added this to his computer to get rid of my search conduit about a week ago. They flagged two files and he erased them, but the computer seems fine. Should he worry or uninstall malware antivirus protection?


my.search conduit
By m_comp on 4/18/2013 4:42:15 PM , Rating: 2
My computer has downloaded "my search conduit". I did some research and people have said that installing malware will help get rid of any virus that also gets downloaded with this. Since Malware has this issue now, does anyone have any suggestions as to what I can do?




RE: my.search conduit
By bodar on 4/19/2013 4:45:04 AM , Rating: 2
I've had success with SuperAntiSpyware, though admittedly I've only used it a few times -- http://www.superantispyware.com/download.html

BTW, the Malwarebytes issue has already been fixed. They fixed it the same day actually. I guess it comes down to whether you will trust them after this debacle.


RE: my.search conduit
By Captain Orgazmo on 4/19/2013 4:47:53 AM , Rating: 2
I suggest you remove yourself from the internet. Now. For your own good.

You're welcome, bye.


By Dukeajuke on 4/18/2013 12:58:39 PM , Rating: 5
If your company is running Malwarebytes on every server in your datacenter, then your server admin might be a redneck...




In other news...
By GatoRat on 4/18/2013 4:25:27 PM , Rating: 5
Malwarebytes has announced they are going to create a "testing" department. This revolutionary concept is sweeping the software industry like wildfire. Simplified, it means that software will be thoroughly tested before shipping it to customers. Microsoft has been experimenting with this idea for years, though has yet to apply it to their user interface design department.




By Crazyeyeskillah on 4/18/2013 11:13:43 AM , Rating: 2
Great way to go out in style.















Copyright 2014 DailyTech LLC.