Kaspersky Denies ‘Secret Campaign’ to Trick Competitors on False Malware
Malware specialist Kaspersky Lab vigorously denied a report that it intentionally discredited rivals and tricked users of rival anti-virus programs from Microsoft (MSFT), AVG Technologies (NV), Avast and others by infecting clean files to identify them as corrupted.
A Reuters report relying on two former Kaspersky employees said the idea behind generating false positives was to hoodwink users of the competing programs into deleting or disabling normal files, discrediting other anti-malware providers in the process. Kaspersky co-founder Eugene Kaspersky was said to have backed the so-called secret operation to improve his company’s market position and retaliate against smaller rivals copying his code rather than developing their own.
Kaspersky vigorously and repeatedly denied the allegations, telling Reuters that it “has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and their legality is at least questionable.”
The former Kaspersky employees claimed they were told to manufacture false positives “off and on for more than 10 years, with the peak period between 2009 and 2013,” the report said. Their job was to reverse engineer rivals’ anti-malware software so that it tagged clean files as compromised, and then to follow up by anonymously reporting the malicious code to information exchange agencies such as VirusTotal, according to the employees.
“It was decided to provide some problems,” one of the ex-employees reportedly said. “It is not only damaging for a competing company but also damaging for users’ computers.”
In a subsequent blog post, Eugene Kaspersky called the report “complete BS,” adding, “Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous.”
Kaspersky attacked the report as lacking evidence. “Maybe these sources managed to impress the journalist, but in my view publishing such an ‘exclusive’ – WITHOUT A SHRED OF EVIDENCE – is not what I understand to be good journalism,” he wrote. “I’m just curious to see what these ‘ex-employees’ tell the media next time about us, and who might believe their BS. The reality is that the Reuters story is a conflation of a number of facts with a generous amount of pure fiction.”
According to the Reuters report, Microsoft, AVG and Avast all said they were aware of attempts to create false positives from their software that had gone on for a number of years. None, however, directly accused Kaspersky.
For its part, Kaspersky said that it, too, had been victimized by claims of false positive malware.
“In 2012-2013, the anti-malware industry suffered badly because of serious problems with false positives,” Eugene Kaspersky said. “And unfortunately, we were among the companies badly affected. It turned out to be a coordinated attack on the industry: someone was spreading legitimate software laced with malicious code targeting specifically the antivirus engines of many companies, including Kaspersky Lab. It remains a mystery who staged the attack, but now I’m being told it was me! I sure didn’t see that one coming, and am totally surprised by this baseless accusation!” he said.
“In 2013 there was a closed-door meeting among leading cybersecurity and other software industry players that also suffered from the attack, as well as vendors that were not affected by the problem but were aware of it,” Kaspersky wrote. “During that meeting the participants exchanged information about the incidents, tried to figure out the reasons behind them, and worked on an action plan. Unfortunately no breakthrough occurred, though some interesting theories regarding attribution were expressed. In particular, the participants of the meeting considered that some other AV vendor could be behind the attack, or that the attack was an attempt by an unknown but powerful malicious actor to adjust its malware in order to avoid detection by key AV products,” he said.
The cyber security provider said it has responded by improving its algorithms to defend against false malware samples.
“Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted,” Kaspersky said.