Cyber Felons Exploited McAfee's FP Incident

According to the security experts, an incident of FP (false positive) malware detection affected the customers of security firm McAfee on April 21, 2010. The incident is now being misused by cyber miscreants to distribute rogueware or scareware, and poison Web pages.

Reportedly, the security firm, early on April 21, 2010, issued a defective signature update, which faultily labeled a critical system file in the Windows XP SP3 as malware.

After the file was quarantined by the software, thousands of computers, a majority of them in businesses, stopped working and rebooted repetitively.

Seemingly, the firms are still facing the consequences. In fact, the incident forced some firms to reconfigure thousands of their systems manually.

Graham Cluley, Senior Technology Consultant at the security firm Sophos commented that the cyber crooks have used blackhat SEO (BHSEO) techniques to get their poisoned Web pages at the top in search rankings if someone looks for details regarding the false positive of McAfee, according to the statement published by Softpedia.com on April 22, 2010.

He further said that if someone clicks on such a malicious link, then his/her computer may face a fake anti-virus attack (or scareware). This may try to con the user into divulging their credit card details or install a malcode (malicious code) onto the system, as reported by ComputerWorld.com on April 22, 2010.

Further, another security firm PandaLabs in its blog post said that these dangerous links are a result of search terms "McAfee update" and "McAfee 5958," by the users. "McAfee 5958" is a reference to the defective update's designation as reported by ComputerWorld.com on April 22, 2010.

Also, though the Internet is still buzzing with this topic, McAfee has recognized the issue on its community blog forum. It has apologized and has deleted the flawed update and has also issued a fix.

To conclude, scareware purveyors have earlier also exploited the troubles of the security firm for their benefits. Last year in March, same sort of BHSEO campaign debased search results associated with an unsigned PIFTS.EXE file that was released by Symantec. This case resulted in mass confusion among the users.

Related article: Cyber Child abuser Sentenced To Imprisonment

» SPAMfighter News - 5/4/2010