IE users stand down: Google not infected


For a period of time yesterday (Tues 2/14/12) Microsoft’s security products, Forefront and Microsoft Security Essentials, reported that www.google.com was infected with the Blacole.BW exploit for users browsing with Internet Explorer.

It appears as though the definition updates Microsoft released alongside the other Patch Tuesday updates caused a false positive for google.com and users began posting on the TechNet forums about the false positive shortly after the updates rolled out.

My malware inspection updated to 1.119.1972.0 and within 5 minutes started blocking www.google.com because of JS/Blacole.BW.  I’m almost sure this is a false positive given how queit the rest of the net is about it.  Is anyone else encountering the same thing?

I’m getting it at my work as well:

     Access to the requested file is blocked due to a detected infection:
     Category: Exploit
     Infection name: Exploit:JS/Blacole.BW

I’m just using https google instead.

False positives are not a rare occurrence. In fact I can’t think of one security provider who hasn’t – at one point – issued an update with a false positives. Unfortunately for Microsoft www.google.com is the most visited site on the net and this error was sure to draw immediate notice from users. Microsoft released updated definition files, which corrected the problem, almost 5 hours later and all is quiet on the exploit front.

My guess, and it is only a guess, is that this happened as the result of website hacks that have occurred over the past several days in which several high profile sites have been infected with the Blackhole Toolkit. In these recent incidents early reports indicate that the exploits were crafted to exclude Google’s IP address range. A mistake may have been made which associated Google’s IP’s with the attack instead of the exclusion from the attack. This is only a guess and a long shot at best.

If you run either Microsoft Security Essentials or Forefront you should check for updated definitions ASAP so you don’t experience the false positive and can continue happily browsing the internet!

Posted in:
About the Author

David Hartsock

Executive Editor/Owner/Admin of Daves Computer Tips and all-around good guy – Dave’s interest in computers began in the early 1980’s during the Apple II era. In the early 1990’s the PC began to replace proprietary and mainframe devices in Dave’s industry so he began to learn and experiment with the PC. Through DOS, Windows 3.1, Windows 95, Windows 98, Windows 2000, Windows XP, Vista, Windows 7, Windows 8.1, and now Windows 10. Dave became the “go to” guy for friends, family, and coworkers with computer problems. Daves Computer Tips was born in 2006 in an effort to share these experiences with others in an easy to understand, plain English, form.