
How do these malware-signature-matching mechanisms work? What are the odds that Chrome produces the same matchable-characteristics as Zeus malware? I don't want to leap to the conclusion that something fishy is going on here.



With some of the more advanced things like NaCl, it wouldn't surprise me at all if some of the functionality looked the same, or even had quite a similar purpose.

We don't know if the malware signature is on bits that do bad things, or just bits that had been unique to Zeus until now.

Edit: Also, some people are reporting no problems. It could be that those Chrome instances really were infected. We don't know where they got the download for Chrome from.


Ok, here's the high-level overview. An antivirus scanner uses the following (basic) types of detection:

1. Hash-based. This isn't as common nowadays, as there's a lot of malware that will generate a unique copy every hour or so.

2. Signature. This can be as simple as a byte sequence (i.e. anything with "C:\Badfile.exe" in it is a virus), to more complicated code using wildcards.

3. Heuristic. This can refer to anything from "files with an invalid digital signature are bad" to "files that have a high entropy and have no publisher are bad".

4. Emulation. The AV runs the file in a CPU emulator, tracks what it does, and attempts to determine if it's bad.

5. Behavioural. The AV lets the file run, tracks what it does, and then might stop it if it does enough "suspicious" actions.

So, in short, with all the various types of detection that modern antiviruses use, false-positives are almost inevitable. The teller is how fast the vendor reacts - and in this case, Microsoft seems to have reacted rather quickly.
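As an added illustration of detection types 1 and 2 above (this is example code, not from the thread or from any antivirus product): a toy SHA-256 denylist and a wildcard byte-signature matcher, run over constructed sample buffers. It shows why a signature written over generic compiler output also matches a benign binary, and why flipping a single byte defeats hash matching. All signature strings and sample "files" are constructed for the demo.

```python
import hashlib
import re

# Constructed signatures; none are real AV signatures. In the hex form, "??"
# stands for any single byte, loosely modelled on common AV wildcard syntax.
SIGNATURES = {
    # Plain byte-sequence signature (the "C:\Badfile.exe" case from the post).
    "Demo.Badfile": b"C:\\Badfile.exe".hex(),
    # Wildcard signature over x86 code: push ebp; mov ebp,esp; sub esp,??;
    # call <any rel32>; test eax,eax. This is generic compiler output, which
    # is exactly why it is a poor choice of signature.
    "Demo.Prologue": "558bec83ec??e8????????85c0",
}

def compile_signature(hex_sig: str) -> re.Pattern:
    """Translate a hex signature with ?? wildcards into a bytes regex."""
    if len(hex_sig) % 2:
        raise ValueError("signature needs an even number of hex digits")
    parts = []
    for i in range(0, len(hex_sig), 2):
        tok = hex_sig[i:i + 2]
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data: bytes, sigs=SIGNATURES) -> list:
    """Return the names of every signature that matches somewhere in data."""
    return [name for name, sig in sigs.items() if compile_signature(sig).search(data)]

def hash_match(data: bytes, known_bad: set) -> bool:
    """Hash-based detection: exact SHA-256 match against a denylist."""
    return hashlib.sha256(data).hexdigest() in known_bad

# Constructed sample "files" (a fake MZ header followed by a few code bytes).
MALWARE = (b"MZ" + b"\x00" * 14
           + bytes.fromhex("558bec83ec10e8aabbccdd85c0")
           + b"C:\\Badfile.exe\x00")
# A benign binary whose compiler emitted the same prologue/call/test sequence.
BENIGN = (b"MZ" + b"\x00" * 14
          + bytes.fromhex("558bec83ec20e80102030485c0")
          + b"legitimate browser code\x00")
# The same malware with one trailing byte changed (the "new copy every hour" problem).
REPACKED = MALWARE[:-1] + b"\x01"

KNOWN_BAD = {hashlib.sha256(MALWARE).hexdigest()}

if __name__ == "__main__":
    for label, blob in (("malware", MALWARE), ("benign", BENIGN), ("repacked", REPACKED)):
        print(f"{label:9}sigs={scan(blob)} hash_hit={hash_match(blob, KNOWN_BAD)}")
```

The benign buffer trips the prologue signature (a false positive), while the repacked buffer still trips both signatures but no longer matches the hash, which is why vendors lean on signatures and heuristics rather than hashes alone.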



