The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Kaspersky Lab false positive: Google ads spread no Trojan.JS.Redirector.ar virus

    Discussion in 'Security and Anti-Virus Software' started by BlackRussian, Jan 25, 2010.

  1. BlackRussian

    BlackRussian Notebook Deity

    If you happen to use antivirus software created by Kaspersky Lab, you have probably seen the Trojan.JS.Redirector.ar virus warning quite a lot of times today. It turns out that a flaw in several of the company’s software products caused the unnecessary panic by recognizing all Google ads websites as infected. ZoneAlarm as well as F-Secure antivirus software products have also been affected by this problem.

    Luckily, Kaspersky Lab have already stepped in and calmed everybody down by releasing an official statement. It confirms that Google aren’t spreading some sort of a virus through their sites, only their erroneous software products thought so. So, the message from above is nothing but a false alarm.

    I’m glad that the guys at Kaspersky reacted so quickly with the statement and I hope that the problem will be gone quite soon. Normally, antivirus software should make us feel safe while surfing and not spread panic, right?

    Read on http://support.kaspersky.com/kis2010/error?qid=208281219
     
  2. Partizan

    Partizan Notebook Deity

    I use Kaspersky and didn't notice a thing...
     
  3. DetlevCM

    DetlevCM Notebook Nobel Laureate

    So 3 products claim malware - but it's officially a false positive?

    Why would I think it more likely Google's server got infected...
     
  4. UniqueQ

    UniqueQ Notebook Geek

    Yes, it could be a legitimate website becoming compromised and infected.
     
  5. weinter

    weinter /dev/null

    Erm, it is more likely they (AV) screwed up.
    If they share virus definition files they are likely to end up with the same conclusion. It is not the first time a screw-up like this has occurred.
    AVG even attempted to remove Windows system files.
    This is also why I feel many AV solutions are overrated; just a decent free one will do.
    And basically, since MSE is created by MS, the chances of MSE self-killing Windows are lower, hence better.
    Even if it did self kill (and made Microsoft a laughing stock) at least you didn't pay any money for it. :)
    Google's server runs Linux; the probability of infection is very, very low.
     
  6. mujtaba

    mujtaba ZzzZzz Super Moderator

    Who knows, maybe multiple anti-malware software use a similar approach to identify JS malware...
     
  7. Padmé

    Padmé NBR Super Pink Princess

    I totally agree with that statement. :cool:
     
  8. UniqueQ

    UniqueQ Notebook Geek

    But then again, Microsoft products/Windows appear to have plenty of regular security vulnerabilities that let malware in. I would not be surprised if Microsoft anti-virus software missed half of the malware.
     
  9. weinter

    weinter /dev/null

    You have the wrong idea about vulnerabilities and how AV works.
    Vulnerabilities are created because of bad programming practice and bugs in code (which can be inherently low-level as well).
    Whereas antivirus detects malware by code pattern.
    It is apples and oranges.
    Even UNIX has its own vulnerabilities, except they are not published as widely.
    In Linux they are promptly fixed due to wide community support and code analysis.
    You can get a sample of how good MSE (free) is by using it; no need to debate over something you can put to the test.
    Personally I don't need a super anti-virus that can track down every malware; just most will do.
    I just need something that is:
    1) Cheap (free)
    2) Doesn't eat up a lot of CPU cycles
    3) Doesn't turn rogue and kill my Windows OS after some virus definition file update (any AV that does that automatically earns an EPIC FAILURE tag; it is like the police turning rogue)
     
  10. UniqueQ

    UniqueQ Notebook Geek

    Exactly. Bad programming. Does this bad programming/software development extend to their anti-virus development/programming? Personally I do actually use Microsoft Security Essentials now and again as an on-demand (and full scan) scanner (remembering to turn off the process and service when not using it).

    As for Kaspersky, it would be interesting to know if it was a false positive or Google being compromised. Would Google admit a compromise of their website?
     
  11. weinter

    weinter /dev/null

    Google runs Linux; very unlikely it got compromised.
    And Kaspersky admits they sucked.
    A bad program can be the usage of vulnerable function calls, or simply a low-level IA-32 bug or a bug in C++ function libraries.
    It is not something that you can easily detect.
    You have to understand that IA-32 is not perfect; neither is C++.
    What is important is that bugs are detected and fixed regularly.
     
  12. UniqueQ

    UniqueQ Notebook Geek

    Yes, most viruses are Windows-based, but there are Linux viruses out there and Linux can also be compromised.
     
  13. weinter

    weinter /dev/null

    Correct, but a Linux virus can't spread onto Windows, I believe, because they use different software APIs.
     
  14. UniqueQ

    UniqueQ Notebook Geek

    How about infecting the Linux server? Once the Linux server is infected, the virus then writes Windows API code to the visiting computer running Windows.
     
  15. weinter

    weinter /dev/null

    I just have to say to make this run perfectly it is going to be very difficult.
     
  16. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Possibly quite easy.

    Write a virus dedicated to Apache etc. based webservers, and have them carry a Windows Virus as payload that is then served to Windows etc. PCs.

    Once you have a virus in an OS it can reasonably easily dish out any payload.

    Now the question is:
    How secure is Google's server?
     
  17. UniqueQ

    UniqueQ Notebook Geek

    Remember though, most servers (corporate servers) are Linux or Unix based. The virus still spreads onto Windows (because the vulnerability on the server opens the door). As a crude example, if a JPEG has code written in it to infect Windows, then if the visiting computer is Windows the code/virus will run. If the visiting computer is Linux/Mac then the code/virus will not run. The Linux server is only the host/transmission mechanism to spread the virus. The Linux server passes the infected JPEG on to other computers (the end user is only affected if they are running Windows).
     
  18. weinter

    weinter /dev/null

    It is not as easy as it sounds because Windows does have a certain level of protection against code exploits.
    I can name some: Address Space Randomisation, NX and some more.
    Especially those that request elevated permission.
    Most of the time Windows malware runs because the user was tricked into making it run.
    The amount of code you do will make asking the client to run a downloadable executable much easier.
    What I was thinking you were saying is a malware that propagates through both Windows and UNIX.
     
  19. UniqueQ

    UniqueQ Notebook Geek

    Remember, the vulnerability on the Linux server could simply be a PERSON (within the company) accepting an infected ad for their banner advertisement. The Linux server then passes on this infected ad to visiting computers. The key is to first infect the Linux/Unix server. Then the second stage is to pass on the virus to visiting computers that run the Windows virus code.