All the latest UK technology news, reviews and analysis


Malwarebytes cripples thousands of computers with faulty software security update

17 Apr 2013
malware virus security threat

Thousands of computers across the world have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code.

The security firm confirmed the mistake in a blog post on Tuesday, adding that the update has since been pulled.

"At around 3PM PST yesterday [Tuesday] Malwarebytes released a definitions update that disabled thousands of computers worldwide," wrote Malwarebytes Marcin Kleczynski.

"Within eight minutes, the update was pulled from our servers. Immediately thereafter, users flocked to our support helpdesk and forums to ask us for a fix."

The update definition made it so Malwarebytes protection software treated essential Windows.dll and .exe files as malware, thereby stopping them running and knocking IT systems and PCs offline.

V3 has already heard from some IT managers that the issues caused untold havoc on their systems.

One source at a UK organisation that uses Windows for customer-facing as well as back-office functions told V3 the update had knocked out 80 percent of the company's servers. No doubt many others were left in a similar predicament.

The firm has since posted up details for firms affected by the issue on its forum page.

Malwarebyte's Kleczynski promised that the firm had already begun reworking its update policy to ensure the mistake doesn't happen again.

"We acted over-zealously in that mission and realise far superior procedures around updating are needed. More was expected of us, and we failed," wrote Kleczynski.

"We are commissioning several new resources to stop this from happening again. We are building more redundancy to check our researchers' work and improving our peer review."

Malwarebytes is one of many security firms to have pushed out faulty updates.

Trend Micro security expert Rik Ferguson told V3 the need to combat new and fast moving threats makes faulty updates a constant danger for all players in the security industry, big or small.

"Knocking servers or workstations offline due to a bad security software update is unfortunately real. It happens, and not just to the smaller players. The fact is that all security companies are potentially subject to this phenomenon, some have better track records than others, but no one has never suffered," he said.

The growing pressure for security firms to rapidly combat new sophisticated malware threats is a growing issue within the industry.

Most recently the UK government has mounted several initiatives to increase information sharing and collaboration between private industry and the public sector to help deal with the threat.

This has included the creation of a Cyber Security Information Sharing Partnership (CISP) and Global Centre for Cyber Security based at Oxford University.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?
13%
24%
12%
6%
45%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Helpdesk Analyst

Fragomen is the largest law firm in the world dedicated...

1st / 2nd Line Technical Support Consultant - Broadband, Voice, TCP/IP

1st / 2nd Line Technical Support Consultant - Broadband...

Head of Digital

Marketing, Communications & Development - Head...

Senior IT Technical Engineer 2nd / 3rd Line Support - VMware View

Senior IT Technical Engineer 2nd / 3rd Line Support...
To send to more than one email address, simply separate each address with a comma.