Microsoft was forced to push out an emergency update to its Security Essentials and Forefront products Friday after users complained that an updated virus signature intended to spot the Zeus Trojan was, instead, flagging and even removing instances of Google’s Chrome Web browser.
The fireworks began early Friday, after Microsoft released an otherwise innocuous signature update for the common Zeus – or Zbot – banking Trojan. Shortly after it was released, users of Microsoft’s Windows Security Essentials and Forefront Security began complaining on Twitter that the products were flagging Chrome as evidence of a Zbot infection and encouraging users to uninstall the product. The Redmond, Washington software firm responded quickly to the complaints, releasing an update to the signature within hours that corrected the detection problem, according to a post on Microsoft’s Web page.
“On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue.” the company said, without mentioning that it was the Chrome browser that was affected.
But users took notice, with many, mindful of Microsoft’s reputation as a no-holds-barred competitor, wondering whether the bad signature was a slip-up or a stealth effort to grab back some market share.
“Classifying your competition as malware might be taking things too far MS,” wrote a Twitter user with the handle @bryanbrannigan. “Love it! Microsoft Security Essentials just zapped my Google Chrome browser. Let the war begin!” wrote a Twitter user with the handle @EnukSears.
Chrome users who took the bait and allowed their browser to be removed by the Microsoft anti malware were less pleased. Uninstalling Chrome can cause the loss of bookmarks and other browser plug-ins, as well as require a restart of the “infected” system.
Zeus is a ubiquitous Trojan horse program that is often used to steal credentials from online banking customers using both Windows and common mobile platforms. The Zeus source code was leaked online in May and now Zeus components are showing up in a wide range of malware.