Microsoft false positive flags Google as hosting Blackhole Exploit Kit

Microsoft suffered a false positive problem last night when Google was flagged as malicious.

Shortly after Microsoft released its February Patch Tuesday bulletins, Google.com was flagged as malicious, apparently because of a faulty security update shipped by Microsoft.

However, Microsoft's Technet support forums lit up at the subject, with a comment that a user's malware inspection were updated to at least one.119.1972.0 and commenced blocking Google.com as a consequence of JS/Blacole.BW.

In a response to a different forum member, Microsoft Support said: “Thanks for reporting this issue. We now have received several similar reports from different channels. Currently I'm working with our AV team to research the difficulty. Will keep you updated for any progress.”

According to security blogger Brian Krebs, the alerts gave the look to be the results of a false positive detection shipped to users of Microsoft's anti-virus and security products, most notably its Forefront technology and free Security Essentials anti-virus software.

He said that following a reboot, Internet Explorer claimed Google.com was serving up a severe threat and that Google's homepage was infected with a Blackhole Exploit Kit.

Krebs said: “I may be wrong, but it surely doesn't appear that Google is in truth infected or serving up exploits. Fortunately, clicking the default ‘remove' action prompted by Microsoft's anti-virus technology did virtually nothing that i may tell; this system reported that it was unable in finding the threat (psst, Microsoft…that's because there's not one).

“False positives happen to each anti-virus vendor and this one was fairly innocuous as this stuff go: it isn't like it deleted or quarantined essential operating system files [as BitDefender treated in 2010], rendering host computers useless, as faulty updates from other vendors have up to now. But Microsoft might be smarting from this episode.”