In a truly bizarre twist of events yesterday, anti-virus software from the British firm Sophos began to detect its own components as malware, leading to a breakdown in many customers' security configurations.
According to Sophos’ blog, customers began to see detection alerts of malware called "Shh/Updater-B," which Sophos automatically quarantined.
It turned out that Shh/Updater-B is actually an essential part of Sophos' Windows security suite. The company alerted customers that the alerts were false positives and pushed out an update to correct the issue.
But all was still not well. Shh/Updater-B is the part of the anti-virus suite that receives and processes malware-definition updates. If it were to be quarantined or deleted, Sophos' security suite wouldn't be able to repair itself.
According to the Register, some corporate customers watched their systems struggle and fail to update last night and this morning because they were missing the necessary files to do so.
Sophos instructed customers to "double check your SAV policy under cleanup; You want to ensure your secondary option (when cleanup is not available or does not work) to be set to 'deny access' and not delete or move."
For some customers, key components and updates for the anti-virus program likely were, or will be, deleted.
TheNextWeb's Emil Protalinski summed it up. "Not only was Sophos’ detecting itself as malware, it was moving or deleting said components and effectively castrating itself."
Sophos customers should be on the lookout for symptoms such as any detection alerts for "Shh," a missing Sophos shield or a failure for the Sophos software to update properly.
In its advisory, Sophos apologized for "all of the disruption caused to our many customers and partners worldwide" and said it was committed to avoiding a repeat of this issue.
"We recognize the issue is very serious, and are doing everything we can to resolve it," the company said. "We are launching a full investigation to analyze how this happened, to ensure that it never happens again, and will provide further information on the analysis in due course."
The worst of Sophos' problems this week are over, hopefully, as the company works to help its customers clean up the mess.
The issue affected only Sophos anti-virus software for Windows machines, so Sophos clients running Mac OS X, Android and Linux can rest easy.