McAfee False-Positive Exploited By Hackers

Criminals have been keen to take advantage of the critical update bug that affected McAfee users in the past few days.

Graham Cluley, Contributor

April 24, 2010

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Criminals have been keen to take advantage of the critical update bug that affected McAfee users in the past few days.Most regular readers of Dark Reading will be only too aware of the problems that have faced users of McAfee's enterprise product.

A false-positive in McAfee's detection of the Wecorl.A virus caused hundreds of thousands of computers around the world to repeatedly reboot themselves, as the antivirus software mistakenly zapped the critical svchost.exe file.

To its credit, McAfee is discussing the problem on its online community forum, has apologized, withdrawn the buggy update, and advised customers on how to manually fix the affected computers.

But that hasn't stopped blackhat SEO hackers from creating poisoned Web pages that appear high in the search rankings if you hunt for information on the McAfee false-positive.

McAfee false positive problem exploited by hackers

McAfee false positive problem exploited by hackers

Clicking on one of these dangerous links can take you to a Website that harbors the Mal/FakeAV-BW scareware (also known as fake antivirus) attack, designed to trick you into believing you have a serious security problem on your computer -- and urging you to purchase or install other code from the hackers behind the scam.

If you have suffered from the false positive, then I suggest you visit McAfee's Website for advice -- and not to go clicking on unknown links.

More details about the fake antivirus attack associated with the McAfee false alarm can be found on my blog on the Sophos Website.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his award-winning other blog on the Sophos website, you can find him on Twitter at @gcluley. Special to Dark Reading.

About the Author

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights