Kaspersky denies false malware charges

Eugene Kaspersky has hit back at reports that his security company distributed faked malware.

An exclusive Reuters report quotes anonymous former employees, reporting that Kaspersky Lab tried to damage rivals in the marketplace by tricking their anti-virus software into classifying benign files as malicious.

Apparently the companies targeted were specifically Microsoft, AVG Technologies and Avast, although others were said to be tricked into deleting or disabling important files on their customers’ PCs.

The employees told Reuters that some of the attacks were to retaliate against other security companies that Kaspersky believed were copying his software instead of developing their own.

Writing in his blog, Kaspersky states: “The Reuters story is based on information provided by anonymous former KL employees. And the accusations are complete nonsense, pure and simple.

“Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous,” he adds.

The employees added that target companies were selected in order to help Kaspersky Lab build market share by damaging not only the target company but also its customers.

Researchers were apparently assigned to work on projects to reverse-engineer competitors’ virus detection software to determine how to fool them into flagging good files as malicious, the former employees said.

Kaspersky goes on to say that there is a germ of truth in the report. “In 2012-2013, the anti-malware industry suffered badly because of serious problems with false positives. And unfortunately, we were among the companies badly affected. It turned out to be a coordinated attack on the industry: someone was spreading legitimate software laced with malicious code targeting specifically the antivirus engines of many companies, including Kaspersky Lab.

“It remains a mystery who staged the attack, but now I’m being told it was me,” he writes. “I sure didn’t see that one coming, and am totally surprised by this baseless accusation.”

Kaspersky explains that in November 2012 the company’s products produced false positives on several files that were in fact legitimate. These were the Steam client, Mail.ru game centre, and QQ client. An internal investigation showed that these incidents occurred as the result of a co-ordinated attack by an unknown third party.

“In 2013 there was a closed-door meeting among leading cybersecurity and other software industry players that also suffered from the attack – as well as vendors that were not affected by the problem but were aware of it,” Kaspersky writes. “During that meeting the participants exchanged information about the incidents, tried to figure out the reasons behind them, and worked on an action plan.

“Unfortunately no breakthrough occurred, though some interesting theories regarding attribution were expressed. In particular, the participants of the meeting considered that some other anti-virus vendor could be behind the attack, or that the attack was an attempt by an unknown but powerful malicious actor to adjust its malware in order to avoid detection by key anti-virus products.”

The former employees told Reuters that Kaspersky Lab manipulated false positives off and on for more than 10 years, with the peak period between 2009 and 2013.