AVG update to fix false Trojan warning
Anti-virus giant AVG sparked fear among internet users on Thursday after its popular security scanner falsely identified websites as infected with a malicious Trojan horse application.
Visitors to popular websites, such as Mirror.co.uk and Twitch.tv, were greeted with a warning that AVG had detected a threat called "Trojan horse Exploit.SWF_c.AP", with the recommendation to remove it. Once removed, the warning pop-up window would reappear multiple times.
The file being detected in this instance was an "SWF" file, a very common Adobe Flash format widely used to provide rich multimedia advertisements on websites.
Malicious versions of these files have been implicated in serious attacks that exploit vulnerabilities in unpatched Adobe Flash software.
Exploit SWF_c is a malicious application that allows hackers to remotely access your computer system and modify files, steal personal information and install more unwanted software.
However, AVG has admitted that the warnings were 'false positives'. False positives, also known as false alarms, occur when an anti-virus product makes a mistake, warning you of a threat when in fact one isn't present.
With many millions of pieces of malware in existence, security experts say it is a challenge to ensure that all threats are detected by anti-virus software without panicking users by incorrectly detecting a threat when one isn't there.
Tony Mays, European PR Director at AVG Technologies, said: "Our virus-lab confirms it’s a false positive and from the next update the detection should disappear. Our antivirus detection uses multiple technology layers to detect malware and, due to very subtle differences sometimes between legitimate and malicious files, that detection can occasionally identify clean files incorrectly. We always work towards eliminating incorrect (false positive) detections as much as possible, but we also like to err on the side of caution".
Security expert Graham Cluley says: "False alarms in anti-virus programs are nothing new - products have even false alarmed in the past on regular Windows files. The problem is that the typical user cannot tell the difference between a genuine malware warning and a false alarm. They look identical. Sometimes running a different security program can help -- if it also detects a threat then the chance of the warning being legitimate increases, although it's also possible that the second program has also made a mistake.
"The risk is that users will panic when they see the warning, and take action to try to 'remove' it. There certainly have been cases in the past where users have caused more problems because of an anti-virus program making a mistake. If there is any doubt in your mind, you should contact your security vendor and ask them to confirm whether an infection really is present".
AVG said its customers are always welcome to submit files or web links they believe are being detected incorrectly at http://www.avg.com/submit-sample.