Trend Micro has retracted last weeks claim to have discovered a Trojan that could exploit vulnerabilities in the Windows graphics engine.
The claim was highly significant because Microsoft had only patched the critically-rated flaws days earlier. If true, it would have been evidence that malware writers were getting closer to writing a feared zero day exploit, where a vulnerability is attacked before its existence has been discovered and a patch issued.
Trend has now admitted that the Troj_emfsploit.A Trojan was mis-analysed by its security team, and the appearance of exploiting the flaws was probably an unfortunate coincidence.
The company had claimed the Trojan could cause explorer.exe - which supports the Windows GUI shell - to crash. Customers that had not yet applied Microsofts patch MS05-053 would have been vulnerable.
In fact, it turns out that it can only cause a GUI crash in Windows XP systems prior to the Service Pack 1 (SP1) update of 2002. Windows 2000 systems are vulnerable up to Service Pack 4.
"Given the time we needed to react to this, we didn't analyze it thoroughly. We wanted to do something fast and perhaps we didn't spend sufficient time on it," said Trend chief technologist, Raimund Genes in an interview with a third-party source.
Trend has now removed the explicit claim of an exploit from its website description of the Trojan, and has fallen back on the a generic statement that the Trojan exhibits behaviour similar to the Enhanced Metafile vulnerability of MS05-053.
Infection rates for the Trojan are rated as zero across all areas of the world, according to the site.
The affair is not only embarrassing but mildly ironic. Earlier this year, a software update from Trend was said to have caused Windows XP SP2 systems to grind to a halt. The company fielded support calls from nearly 30,000 customers and had to issue a patch to sort the problem.
Only two months before that, the company suffered from a major vulnerability in its own anti-virus software, that affected 30 of its products.