Former staff at Kaspersky Lab have accused the Russian security firm of damaging rivals by tricking programs into misclassifying core software files as malicious.
Microsoft, AVG and Avast were among those said to have been targeted by the software vendor in a bid to make them disable vital files on customers’ machines, after the group’s founder Eugene Kaspersky became convinced rivals were copying his technology.
Speaking anonymously to Reuters, the pair of former employees, who claimed to have been part of the small team behind the operation, said: "Eugene considered this stealing.
"It was decided to provide some problems [for rivals]. It is not only damaging for a competing company but also damaging for users’ computers."
Kaspersky denied the allegations, saying: "Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing.
"Such actions are unethical, dishonest and their legality is at least questionable."
The alleged dispute over software copying came as security vendors increasingly shared data in a bid to outwit cybercriminals, who have enjoyed a lucrative rise over the past couple of years.
In 2010 Kaspersky even publicly complained that others were pinching its work, a practice that was made easier by the practice of data sharing.
As an experiment the security vendor created ten harmless files and told malware scanner VirusTotal they were malicious, which then led to 14 other security providers flagging them as dangerous.
Microsoft, AVG and Avast had previously told Reuters about unknown parties attempting to trick them with false positives, but did not comment on the allegations that Kaspersky had targeted them.
Dennis Batchelder, antimalware research director at Microsoft, had however told the newswire in April that his company found that a legitimate printing file had been injected with bad code in March 2013.
As such antivirus systems flagged the printing file as bad, owing to the similarity of the code. But in a subsequent investigation into thousands of other false positives Batchelder told his staff not to try to find the culprit.
"It doesn’t really matter who it was," he said to Reuters. "All of us in the industry had a vulnerability, in that our systems were based on trust. We wanted to get that fixed."
It is not alleged that Kaspersky was responsible for the printing code attack.
According to Reuters’ sources, Kaspersky had manipulated false positives over a decade, with the peak time between 2009 to 2013.
Owing to knowledge of the false positives problem in general security companies have increasingly doubled-checked data from rival firms.