Kaspersky blames allegations of corporate sabotage on ‘disgruntled ex-employees’
Kaspersky’s CEO called the allegations baseless, but in a more colorful way.
Moscow-based security company Kaspersky Lab on Friday called an accusation that it faked malware to harm its competitors “meritless and false.”
In a Reuters article published Friday morning, two former employees accused the company of “classifying benign files as malicious” in an attempt to sabotage other antivirus software developers. Kaspersky’s CEO, Eugene Kaspersky, was specifically named in the article as having ordered retaliatory “attacks” against company rivals.
The ex-employees, who were granted anonymity by Reuters, further claimed they were tasked by Kaspersky for “weeks or months at a time” to reverse-engineer competitors’ antivirus products for the purpose of fooling the software into detecting important computer files as malicious.
In one technique, Kaspersky’s engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.
Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.
Reuters did not provide any additional documents or code to support the former employees’ allegations. The news agency spoke with several other security companies, including Microsoft, AVG, and Avast, that claimed “unknown parties” had tried to sabotage their programs by inducing false positives. None would identify Kaspersky Lab as the culprit.
note to self: when I publish my next APT report, I’ll make sure to quote at least two anonymous sources, for added credibility.
— Stefan Tanase (@stefant) August 14, 2015
“[T]he accusations are complete nonsense, pure and simple,” wrote Kaspersky, the CEO, in a blog post Friday afternoon. “Disgruntled ex-employees often say nasty things about their former employers; but, in this case, the lies are just ludicrous.”
“Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” a spokesperson for Kaspersky Lab added in a statement Friday.
The company added that the exchange of threat information is “critical” to the “entire IT ecosystem,” and that it “fight[s] hard to help ensure that this exchange is not compromised or corrupted.”
In 2010, Kaspersky Lab uploaded, as part of an experiment, non-malicious files to VirusTotal, an online antivirus solution owned by Google that relies on dozens of other malware databases, including Kaspersky’s. The files would not have caused false positives, the company said, adding that “we made it public and provided all the samples used to the media so they could test it for themselves.”
“We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior),” the company said.
Kaspersky Lab—which has repeatedly been accused of colluding with the Russian government, a claim the company has just as often denied—said it was among vendors previously impacted by an unknown individual or company intentionally uploading files that would generate false positives for antivirus products. According to Kaspersky, the company met privately with other leading antivirus vendors at a Berlin conference in October 2013 to exchange information and develop an action plan.
“In 2012-2013, the anti-malware industry suffered badly because of serious problems with false positives,” Kaspersky wrote. “And unfortunately, we were among the companies badly affected.”
It remains unclear who was behind the malicious campaign, he said.
Photo by Web Summit/Flickr (CC BY 2.0)
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.