AVG Improperly Detects Threat in Google's reCAPTCHA

A buggy detection routine caused antivirus products from AVG to improperly tag a script from Google's reCAPTCHA as being infected with a threat called HTML/Framer. The false positive incident prevented AVG from accessing popular websites.

The problems started yesterday with users reporting seeing the alert on websites like Yahoo! Mail, Amazon.com, Craigslist or while playing the Mafia Wars Facebook game. “I just installed AVG on my laptop and am now getting an error message that a virus was found: www.google.com/recaptcha/api/js/recaptcha_ajax.js is infected with the HTML/Framer Has anyone else received this error message?,” a user wrote on the Google Web Search help forums.

However, this doesn't seem to be the only reCAPTCHA file for which the bogus detection was triggered. Other reports on AVG's own forums, where a topic related to the incident already has six pages, claim that the recaptcha.js and BrowserCompAp.js were also tagged as malicious.

The false positive was apparently being triggered through the toolbar installed by AVG in browsers like IE or Firefox. Users reported that the bogus alerts stopped after uninstalling this toolbar.

The problem was later confirmed by an AVG staffer named Ondra Ploteny, who announced on the forum that issue has been resolved and advised users to update to a new version of the definitions. “Hello all, please be informed that false positive detection "HTML/Framer" (www.google.com/recaptcha/api/js/recaptcha_ajax.js, BrowserCompAp.js) was already fixed with latest virus database update 271.1.1/3006 released 7/15/2010 6:44 AM CEST. Please update AVG virus database and check the websites once again. Apologies for any inconveniences. Thank you,” he wrote.

The AVG representative also advised users that the false positive is restricted to those files only. According to him the HTML/Framer is a real infection with many variants, that could very well affect other websites.

Antivirus false positives incidents are quite common, but they can be dangerous when they involve system files and leave tens of thousands of computers unusable. For example, two days ago Kaspersky's antivirus products erroneously blocked access to bbc.co.uk for allegedly being a phishing website.

You can follow the editor on Twitter @lconstantin