I then tested installing the Alexa toolbar onto a brand-spanking new Windows Vista PC. As the file was downloading, Windows Defender popped up with a warning and said the risk/Alert Level was "High".
I installed the file anyway and it once again classified the Alexa Toolbar as Win32/VB.BZ, a "trojan clicker", according to the results I see via a Google search on Win32/VB.BZ.
The files it found were C:\WINDOWS\system32\alxres.dll and C:\WINDOWS\AlxTB1.dll - legitimate Alexa files.
So does Microsoft have it in for Alexa? What gives? This is a valuable tool used by millions of users to track their own traffic and their competitors traffic. Yes, it is a "form" of spyware since it reports your web surfing habits, but it certainly isn't a "trojan clicker". Clearly this is a mis-classification on Microsoft's part. Also, the risk level should be "Medium" at worst - not "High". I should add that most users that install the Alexa toolbar are aware that it reports which websites you visit .
I'm going to research this some more and post more here. Stay tuned!
Update:
One theory I have is that the actual Win32/VB.BZ "TrojanClicker" uses a very similar "signature" that Alexa does. Anti-virus and anti-spyware programs rely on signature fingerprints to identify threats. It's possible Win32/VB.BZ "TrojanClicker" was developed with a similar signature as Alexa on purpose to try and masquerade itself as the Alexa toolbar. In the process of trying to look like Alexa's signature, Microsoft Defender is probably identifying the Alexa Toolbar incorrectly.
