View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 14, 2015

Kaspersky ex-staff claim firm tricked rivals with phoney viruses

Dispute over intellectual property led to sabotage, sources tell Reuters.

By Jimmy Nicholls

Former staff at Kaspersky Lab have accused the Russian security firm of damaging rivals by tricking programs into misclassifying core software files as malicious.

Microsoft, AVG and Avast were among those said to have been targeted by the software vendor in a bid to make them disable vital files on customers’ machines, after the group’s founder Eugene Kaspersky became convinced rivals were copying his technology.

Speaking anonymously to Reuters, the pair of former employees, who claimed to have been part of the small team behind the operation, said: "Eugene considered this stealing.

"It was decided to provide some problems [for rivals]. It is not only damaging for a competing company but also damaging for users’ computers."

Kaspersky denied the allegations, saying: "Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing.

"Such actions are unethical, dishonest and their legality is at least questionable."

The alleged dispute over software copying came as security vendors increasingly shared data in a bid to outwit cybercriminals, who have enjoyed a lucrative rise over the past couple of years.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

In 2010 Kaspersky even publicly complained that others were pinching its work, a practice that was made easier by the practice of data sharing.

As an experiment the security vendor created ten harmless files and told malware scanner VirusTotal they were malicious, which then led to 14 other security providers flagging them as dangerous.

Microsoft, AVG and Avast had previously told Reuters about unknown parties attempting to trick them with false positives, but did not comment on the allegations that Kaspersky had targeted them.

Dennis Batchelder, antimalware research director at Microsoft, had however told the newswire in April that his company found that a legitimate printing file had been injected with bad code in March 2013.

As such antivirus systems flagged the printing file as bad, owing to the similarity of the code. But in a subsequent investigation into thousands of other false positives Batchelder told his staff not to try to find the culprit.

"It doesn’t really matter who it was," he said to Reuters. "All of us in the industry had a vulnerability, in that our systems were based on trust. We wanted to get that fixed."

It is not alleged that Kaspersky was responsible for the printing code attack.

According to Reuters’ sources, Kaspersky had manipulated false positives over a decade, with the peak time between 2009 to 2013.

Owing to knowledge of the false positives problem in general security companies have increasingly doubled-checked data from rival firms.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.