Moscow-based security company Kaspersky Labs on Friday called an accusation that it faked malware to harm its competitors “meritless and false.”
In a Reuters article published Friday morning, two former employees accused the company of “classifying benign files as malicious” in an attempt to sabotage other antivirus software developers. Kasperky’s CEO, Eugene Kaspersky, was specifically named in the article as having ordered retaliatory “attacks” against company rivals.
The ex-employees, who were granted anonymity by Reuters, further claimed they were tasked by Kaspersky for “weeks or months at a time” to reverse-engineer competitors’ antivirus products for the purpose of fooling the software into detecting important computer files as malicious.
In one technique, Kaspersky’s engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.
Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.
Reuters did not provide any additional documents or code to support the former employees’ allegations. The news agency spoke with several of other security companies, including Microsoft, AVG, and Avast, that claimed “unknown parties” had tried to sabotage their programs by inducing false positives. None would identify Kaspersky Lab as the culprit.
note to self: when I publish my next APT report, I'll make sure to quote at least two anonymous sources, for added credibility.— Stefan Tanase (@stefant) August 14, 2015
“[T]he accusations are complete nonsense, pure and simple,” wrote Kaspersky, the CEO, in a blog post Friday afternoon. “Disgruntled ex-employees often say nasty things about their former employers; but, in this case, the lies are just ludicrous.”
“Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” a spokesperson for Kaspersky Lab added in a statement Friday.
The company added that the exchange of threat information is “critical” to the “entire IT ecosystem,” and that it “fight[s] hard to help ensure that this exchange is not compromised or corrupted.”
In 2010, Kaspersky Labs uploaded, as part of an experiment, non-malicious files to VirusTotal, an online antivirus solution owned by Google that relies on dozens of other malware databases, including Kaspersky’s. The files would not have caused false positives, the company said, adding that “we made it public and provided all the samples used to the media so they could test it for themselves.”
“We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior),” the company said.
Kaspersky Lab—which has repeatedly been accused of colluding with the Russian government, a claim the company has just as often denied—said it was among vendors previously impacted by an unknown individual or company intentionally uploading files that would generate false positives for antivirus products. According to Kaspersky, the company met privately with other leading antivirus vendors at a Berlin conference in October 2013 to exchange information and develop an action plan.
“In 2012-2013, the anti-malware industry suffered badly because of serious problems with false positives,” Kaspersky wrote. “And unfortunately, we were among the companies badly affected.”
It is remains unclear who was behind the malicious campaign, he said.
Photo by Web Summit/Flickr (CC BY 2.0)