I promised to update people on a trojan that some people said their antivirus programs had alerted them to on my site. It was allegedly contained in an International Monetary Fund image.
On being alerted to it, I took the image down, and began investigating. Yesterday I posted the results of that investigation, which essentially made me think it was highly likely what was happening was a false positive. (Read the post for more details.)
Nevertheless, I kept the image down, and I sent the offending image to Kaspersky, the firm whose trojan scanner was the sole one alerting to this supposed image trojan. Here is the email response from them this morning:
date Thu, Oct 23, 2008 at 1:17 AM
subject RE: False alarm? [KLAB-7085047]
hide details 1:17 AM (6 hours ago)
Sorry, it’s false alarm. It’s detection will be deleted in the next update. Thank you for your help.
Regards, Vladimir Krylov
Virus Analyst, Kaspersky Lab.
And there you have it. As I suspected, it was much ado about nothing. An over-eager scanner wrongly found a signature in a safe image. Such is life.