Users of the Kaspersky anti-virus software received a bit of a surprise recently when visiting auburnpub.com: their anti-virus scanner alerted them to a "Trojan Horse" attack coming from our site. As scary as that sounds, you can rest assured that there is no threat here and there never was.
Virus scanners are tasked with the monumental challenge of comparing each file they come across to hundreds of thousands of known threats. It would be hard enough to scan one file, let alone the hundreds of files per minute needed to protect someone who is browsing online. To speed up the process, the scanners analyze each known virus for a unique signature: a small subset of the whole virus, its programmatic DNA, if you will.
Occasionally, though, these tiny snippets of code selected from each virus will have a match out there in the real world, and that match will be part of a legitimate, non-threatening and useful program. This brings about what is known in the anti-virus world as a "false-positive". In a false-positive, the anti-virus program analyzes a legitimate and useful file and throws a red flag warning because it recognizes some small part of that file as being identical in form or function to a known virus. It could be that the virus author borrowed some useful code from a legitimate program. Sheer coincidence could also be the culprit: with hundreds of thousands of known viruses being compared to billions of files, matches are bound to pop up as a matter of probability.
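An added illustration, not code from Kaspersky or from this site: a toy scanner showing how a short signature cut from shared code flags a harmless file, while a longer, more specific one does not. The signature name, both sample files and the helper functions are constructed for the example, and the probability estimate assumes uniformly random bytes.

```python
# Added illustration: toy signature scanner. All names, signatures and samples
# below are constructed for this example; none come from a real product.

# Constructed samples: one stands in for a known-bad file, the other for a
# harmless script that happens to reuse the same helper snippet.
KNOWN_BAD = b"function attach(e){e.onmouseover=hook;} /*constructed-bad-marker*/ run(payload);"
BENIGN = b"function attach(e){e.onmouseover=hook;} /* menu hover helper */ showMenu();"

# Two candidate signatures cut from KNOWN_BAD: a short one taken from the
# shared helper code, and a longer one spanning the part unique to the sample.
SHORT_SIG = {"Toy.Trojan.A": b"e.onmouseover=hook"}
LONG_SIG = {"Toy.Trojan.A": b"e.onmouseover=hook;} /*constructed-bad-marker*/ run("}


def scan(data, signatures):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def expected_chance_matches(sig_len, corpus_bytes, n_signatures):
    """Expected number of purely coincidental hits, assuming uniformly random
    bytes (a simplifying assumption: real files share code and structure, so
    collisions are more likely in practice than this estimate suggests)."""
    positions = max(corpus_bytes - sig_len + 1, 0)
    return n_signatures * positions / (256 ** sig_len)


if __name__ == "__main__":
    for label, sigs in (("short", SHORT_SIG), ("long", LONG_SIG)):
        print(label, "signature -> bad:", scan(KNOWN_BAD, sigs),
              "benign:", scan(BENIGN, sigs))
    # 100,000 signatures compared against 1 GB of data, at two signature lengths
    for length in (4, 16):
        print(length, "byte signatures:", expected_chance_matches(length, 10**9, 100_000))
```

The short signature reports both files, which is the false-positive; the long one reports only the constructed bad sample.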
We aren't sure of the cause in this particular case, but Kaspersky Labs has verified that this is a false-positive that is affecting many websites, not just ours. They have also corrected the false-positive entries in their virus definitions, which means that Kaspersky users who like to browse auburnpub.com should see the warnings go away after their next virus definition update.
More information can be found on the web:
http://www.infosecblog.org/2009/04/kaspersky-and-csshoverhtc-poss.html
http://forum.kaspersky.com/index.php?showtopic=112217
mamimbe wrote on Apr 10, 2009 1:34 PM:
Farmer's Gal wrote on Apr 10, 2009 11:07 AM:
Too many bells and whistles can choke an older machine -- mine isn't even old, nor on a slow connection, and I have the latest versions of 2 different browsers -- and I still run into trouble. Imagine how it is for folks on dial-up using an older machine.