Kaspersky slams allegations it faked malware to harm rivals

By on
Kaspersky slams allegations it faked malware to harm rivals

Two former employees have alleged that Moscow-based Kaspersky Lab tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious – claims Kaspersky has vehemently denied.

As reported by Reuters, the pair alleged that the secret campaign began more than a decade ago, with Kaspersky said to have targeted Microsoft, AVG Technologies, Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers' PCs.

The former employees alleged that the attacks were ordered in part to retaliate against smaller rivals that Kaspersky Lab's co-founder, Eugene Kaspersky, felt were aping his software instead of developing their own technology.

"Eugene considered this stealing," said one of the former employees. Both sources requested anonymity when speaking to Reuters and said they were among a small group of people who knew about the operation.

Kaspersky Lab strongly denied that it had tricked competitors into categorising clean files as malicious, so-called false positives. The company has released a statement in response to the Reuters article, slapping down the claims as "meritless and simply false" accusations by "anonymous, disgruntled ex-employees".

"Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and their legality is at least questionable."

Kaspersky said it believed no antivirus company conducted the attacks "as it would have a very bad effect on the whole industry".

"Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted," according to Kaspersky.

Working together

The increasing collaboration between security vendors has increased the opportunity for such trickery, according to Reuters.

Vendors license each other's virus-detection engines, swap samples of malware, and send suspicious files to third-party aggregators such as Google's VirusTotal. This sharing allows quicker identification of new malware, but the collaboration also allows companies to borrow heavily from each other's work instead of finding bad files on their own, wrote Reuters.

The Reuters report said that in 2010, Kaspersky Lab complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent. In an effort to prove that other companies were ripping off its work, Kaspersky said it ran an experiment: it created 10 harmless files and told VirusTotal that it regarded them as malicious. VirusTotal aggregates information on suspicious files and shares them with security companies.

Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky's lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.

When Kaspersky's complaints did not lead to significant change, the former employees said, it stepped up the alleged sabotage.

According to the Reuters report, one technique saw engineers take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, then send the doctored file anonymously to VirusTotal.

Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well. VirusTotal had no immediate comment.

In its response to written questions from Reuters, Kaspersky denied using this technique. It said it too had been a victim of such an attack in November 2012, when an "unknown third party" manipulated Kaspersky into misclassifying files from Tencent, Mail.ru and the Steam gaming platform as malicious.

Executives at Microsoft, AVG and Avast previously told Reuters that unknown parties had tried to induce false positives in recent years. When contacted this week, they had no comment on the allegation that Kaspersky Lab had targeted them.

Kaspersky is one of the biggest antivirus software makers in the world, with 400 million users and 270,000 corporate clients. It has won wide respect in the industry for its research on sophisticated Western spying programs and the Stuxnet computer worm that sabotaged Iran's nuclear program in 2009 and 2010.

With reporting by Reuters

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?