All the latest UK technology news, reviews and analysis

Malwarebytes cripples thousands of computers with faulty software security update

17 Apr 2013
malware virus security threat

Thousands of computers across the world have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code.

The security firm confirmed the mistake in a blog post on Tuesday, adding that the update has since been pulled.

"At around 3PM PST yesterday [Tuesday] Malwarebytes released a definitions update that disabled thousands of computers worldwide," wrote Malwarebytes Marcin Kleczynski.

"Within eight minutes, the update was pulled from our servers. Immediately thereafter, users flocked to our support helpdesk and forums to ask us for a fix."

The update definition made it so Malwarebytes protection software treated essential Windows.dll and .exe files as malware, thereby stopping them running and knocking IT systems and PCs offline.

V3 has already heard from some IT managers that the issues caused untold havoc on their systems.

One source at a UK organisation that uses Windows for customer-facing as well as back-office functions told V3 the update had knocked out 80 percent of the company's servers. No doubt many others were left in a similar predicament.

The firm has since posted up details for firms affected by the issue on its forum page.

Malwarebyte's Kleczynski promised that the firm had already begun reworking its update policy to ensure the mistake doesn't happen again.

"We acted over-zealously in that mission and realise far superior procedures around updating are needed. More was expected of us, and we failed," wrote Kleczynski.

"We are commissioning several new resources to stop this from happening again. We are building more redundancy to check our researchers' work and improving our peer review."

Malwarebytes is one of many security firms to have pushed out faulty updates.

Trend Micro security expert Rik Ferguson told V3 the need to combat new and fast moving threats makes faulty updates a constant danger for all players in the security industry, big or small.

"Knocking servers or workstations offline due to a bad security software update is unfortunately real. It happens, and not just to the smaller players. The fact is that all security companies are potentially subject to this phenomenon, some have better track records than others, but no one has never suffered," he said.

The growing pressure for security firms to rapidly combat new sophisticated malware threats is a growing issue within the industry.

Most recently the UK government has mounted several initiatives to increase information sharing and collaboration between private industry and the public sector to help deal with the threat.

This has included the creation of a Cyber Security Information Sharing Partnership (CISP) and Global Centre for Cyber Security based at Oxford University.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Devices at work poll

Which device do you use most for work?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Senior Java Developer - 65-75k+ - London/ Bond Street

London's premier online holiday provider are looking...

Mobile Developer - iOS, Android, Greenfield, Financial Apps

Mobile Developer - iOS, Android, Greenfield, Financial...

Senior Front End Developer - fixed term contract

An industry leading software company who specialise in...

Senior Java Engineer - 40-50k - Media/ Digital

The worlds leading 'imagery technology' organisation...
To send to more than one email address, simply separate each address with a comma.