Google.com Flagged as Malware by Microsoft Security Essentials

Another false positive causes panic among Microsoft's customers

February 15th, 2012 10:49 GMT

Users who protect their computers with Microsoft’s Security Essentials were alarmed by a warning message claiming that google.com was infected with a piece of malware called Exploit:JS.Blacole.BW, better known as the Blackhole Exploit Kit.

According to Brian Krebs, the security solution started naming the world’s most popular search engine as being malicious after Microsoft released the February 2012 security updates.


“The alerts appear to be the result of a ‘false positive’ detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free ‘Security Essentials’ antivirus software,” Krebs said.

Microsoft support forums were flooded with concerned and annoyed customers who didn’t know what to make of the detection. All of them claimed that everything started after they installed the latest security update provided by the Redmond company.

A few hours later, Microsoft representatives responded to the inquiry of a customer to say that they were investigating the issue.

While some users reported that only Internet Explorer identified google.com as malicious, and only in certain operating system and browser combinations, others complained that the behavior was present in all browsers, including Chrome, Firefox and Opera.

A couple of hours ago, after determining that it is indeed a false positive, probably originating in the latest signature, Microsoft representatives revealed that an update is on its way.

False positives that affect a large number of users are not uncommon. Some time ago, ESET’s NOD32 identified Facebook as containing a piece of malware.

In September 2011, the same Microsoft Security Essentials flagged Google Chrome as malicious, blocking users from using the browser.

Users who are still getting the warning message about google.com should install the latest virus signature database and restart their computers.
