Malwarebytes cripples thousands of computers with faulty software security update

Thousands of computers across the world have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code.

The security firm confirmed the mistake in a blog post on Tuesday, adding that the update has since been pulled.

“At around 3PM PST yesterday [Tuesday] Malwarebytes released a definitions update that disabled thousands of computers worldwide,” wrote Malwarebytes Marcin Kleczynski.

“Within eight minutes, the update was pulled from our servers. Immediately thereafter, users flocked to our support helpdesk and forums to ask us for a fix.”

The update definition made it so Malwarebytes protection software treated essential Windows.dll and .exe files as malware, thereby stopping them running and knocking IT systems and PCs offline.

It’s already been reported from some IT managers that the issues caused untold havoc on their systems.

One source at a UK organisation that uses Windows for customer-facing as well as back-office functions said the update had knocked out 80 percent of the company’s servers. No doubt many others were left in a similar predicament.

The firm has since posted up details for firms affected by the issue on its forum page.

Malwarebyte’s Kleczynski promised that the firm had already begun reworking its update policy to ensure the mistake doesn’t happen again.

“We acted over-zealously in that mission and realise far superior procedures around updating are needed. More was expected of us, and we failed,” wrote Kleczynski.

“We are commissioning several new resources to stop this from happening again. We are building more redundancy to check our researchers’ work and improving our peer review.”

Malwarebytes is one of many security firms to have pushed out faulty updates.

Trend Micro security expert Rik Ferguson said the need to combat new and fast moving threats makes faulty updates a constant danger for all players in the security industry, big or small.

“Knocking servers or workstations offline due to a bad software update is unfortunately real. It happens, and not just to the smaller players. The fact is that all security companies are potentially subject to this phenomenon, some have better track records than others, but no one has never suffered,” he said.

The growing pressure for security firms to rapidly combat new sophisticated malware threats is a growing issue within the industry.

Most recently the UK government has mounted several initiatives to increase information sharing and collaboration between private industry and the public sector to help deal with the threat.

This has included the creation of a Cyber Security Information Sharing Partnership (CISP) and Global Centre for Cyber Security based at Oxford University.

Last updated by on .