Final Update on Trojan on This Site: False Alarm

I promised to update people on a trojan that some people said their antivirus programs had alerted them to on my site. It was allegedly contained in an International Monetary Fund image.

On being alerted to it, I took the image down, and began investigating. Yesterday I posted the results of that investigation, which essentially made me think it was highly likely what was happening was a false positive. (Read the post for more details.)

Nevertheless, I kept the image down, and I sent the offending image to Kaspersky, the firm whose trojan scanner was the sole one alerting to this supposed image trojan. Here is the email response from them this morning:

date    Thu, Oct 23, 2008 at 1:17 AM
subject    RE: False alarm? [KLAB-7085047]
hide details 1:17 AM (6 hours ago)
Reply

Hello.
Sorry, it’s false alarm. It’s detection will be deleted in the next update. Thank you for your help.
—————–
Regards, Vladimir Krylov
Virus Analyst, Kaspersky Lab.

And there you have it. As I suspected, it was much ado about nothing. An over-eager scanner wrongly found a signature in a safe image. Such is life.

Related posts:

  1. Update on Possible Trojan
  2. Security Update: Possible Trojan
  3. VCs Now Ringing Alarm Bell: Silicon Valley Downturn
  4. Site Tech Update: Archives Up, Search Down
  5. Me, NPR, and the Cost of False Positives