NOD32 and the Story of the Fake Alarms

The antivirus sent fake virus alerts

ESET NOD32 is one of the most popular antivirus solutions on the market but its popularity might be decreased by the recent fake alerts sent to the users. The parent company ESET confirmed the problems with its security product and said they were quickly fixed but didn’t mention a thing about the affected consumers.

According to the reports, NOD32 flagged several JavaScript web elements as theJS/Tivso trojan, causing important problems for the users. The folks from ESET said that the problem appeared due to some weird codes used by the creators of the advertising banners that were very similar with the ones implemented by virus creators.

“On July 1st at 12:41 AM CET ESET became aware of a false positive. Some advertising banners were incorrectly flagged as being infected with the JavaScript trojan JS/Tivso.14a.gen Trojan. By 2:00 AM CET update version 2366 went out, correcting the misdetection,” Randy Abrams, Director of Technical Education, said today. Later ESET researchers discovered that the generic signature covering JS/Tivso.13a.gen also would generate a false positive and at 7:01 PM update version 2368 was deployed to eliminate all known remaining problems with misdetection of this broad family of threats.

However, the glitch was somehow useful for the affected users because it seems like the banners were trying to execute actions in the background without notifying the user of the computer. The flaw made NOD32 block this banner and protect users from the annoying ads. The real problem was that the antivirus solution incorrectly flagged the banners as a dangerous Trojan horse that could harm users’ computers.

Source : Bogdan Popa, Security and Search Engines Editor -Softpedia


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s