Eugene Kaspersky labels phoney-malware allegations ‘complete nonsense’

Eugene Kaspersky dismissed allegations that his company had created phoney malware in a bid to trick rival security firms into disabling core functions on customers’ machines.

In an irate blog post on Friday, the chief executive of Kaspersky Lab attacked the newswire Reuters, which spoke to two former staff at the security software company to obtain details of the alleged campaign.

"The accusations are complete nonsense, pure and simple," Eugene Kaspersky said. "Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous."

The original report from Reuters noted that in 2010 Kaspersky Lab became disgruntled over sharing of intellectual property, condemning a practice that had arisen following increased data sharing between cybersecurity firms.

It then went on to claim that Kaspersky Lab had decided to trick rivals using false positives over a decade long campaign peaking between 2009-2013, creating phoney malware by injecting legitimate files with malicious code, which would then be flagged by unwitting antivirus systems.

Whilst Eugene Kaspersky confirmed that the antimalware industry had suffered a "serious problem with false positives" between 2012 and 2013, he claimed that his firm was one of those affected in the attack.

"It turned out to be a coordinated attack on the industry: someone was spreading legitimate software laced with malicious code targeting specifically the antivirus engines of many companies, including [Kaspersky Lab]," he said.

"It remains a mystery who staged the attack, but now I’m being told it was me! I sure didn’t see that one coming, and am totally surprised by this baseless accusation!"

At the time he said Kaspersky believed the attackers might have had knowledge of how various vendors’ detection algorithms worked, allowing them to inject code where it would be searched for by the firms’ products.

The chief executive added that there had been a "closed-door meeting" between security vendors in 2013, during which some antivirus firms suggested a vendor might be behind the attack.

Responding to Reuters’ piece, Liam O’Murchu, a security researcher at Symantec, tweeted: "We had investigated these attacks [at the time] but could not find out who was behind them.

"We had some suspects, Kaspersky was not one of them."