In a development first reported by Ryan Naraine, the free antivirus and anti-malware program Microsoft Security Essentials (MSE) has been deleting the popular Google Chrome browser, claiming that it was a piece of malware from the Zeus family of trojans. The Chrome help forum logged over 289 comments in less than 2 hours on this issue. Affected users all reported that MSE told them it had detected malware and asked if they wanted MSE to remove it. If the user said yes (and who would not?), the “malware” was removed by MSE. As part of the removal process, the user was asked to restart the affected machine. Once rebooted, Chrome was gone.
The Zeus Trojan has been responsible for over $70 million USD in losses to banks and businesses, according to the American Federal Bureau of Investigation. There are reports that the Zeus source code has been recently released into the public domain, making it a serious risk for businesses. Also, as business IT departments look for more ways to save deployment costs, Chrome and MSE are being seen on more and more desktops in businesses, not just home computers.
Microsoft was quick to respond and has issued a fix for the problem. Apparently, MSE incorrectly detected the chrome.exe file as PWS:Win32/Zbot, the Zeus Trojan. Microsoft asks that users of MSE (and of Microsoft Forefront, since it uses the same anti-malware engine) do the following:
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Released: Sep 30, 2011
Microsoft also issued a press release that stated as follows:
"On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers' PCs. We have already fixed the issue -- we released an updated signature (1.113.672.0) at 9:57 a.m. PDT -- but approximately 3,000 customers were impacted. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers."
The takeaway for users: first, be sure you set up syncing for your bookmarks in Google Chrome. Second, never assume your computer is smarter than you are, and always review what it is going to do to itself before you click that button.