Kaspersky Lab rebuffs claims it faked malware
Russian vendor bats away claims by two former employees that it waged false positive campaigns against Microsoft, AVG and other rivals
Kaspersky Lab has denied claims from two anonymous former employees that it suckered competitors into categorising benign files as malicious.
According to Reuters, beginning ten years ago, the Russian anti-virus vendor tried to harm rivals including Microsoft, AVG and AVAST by tricking their software into generating false positives.
The report cited two anonymous former employees of Kaspersky who said they were among a small group of people aware of the operation.
Kaspersky co-founder Eugene Kaspersky ordered some of the attacks, the sources said, partly because he felt his software was being aped by smaller competitors.
However, Kaspersky - which is one of five 'leaders' in Gartner's most-recent endpoint protection Magic Quadrant - strongly denied the claims.
"Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing," Kaspersky said in a statement to Reuters. "Such actions are unethical, dishonest and their legality is at least questionable."
Rahul Kashyap, chief security architect at endpoint security vendor Bromium, claimed the development - if true - could damage trust between security vendors, who have increasingly moved to share malware samples in recent years.
"To prove that this story is indeed true, reliable facts need to be presented that provide legit evidence against Kaspersky. I doubt it'll be easy for anyone to reliably attribute the act directly to Kaspersky (unless the informants did it themselves and stored reliable evidence at the time of crime)."
Kaspersky issued us with the following statement:
Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted.
In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves. We conducted the experiment to draw the security community's attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior) https://securelist.com/blog/opinions/30611/on-the-way-to-better-testing/ . After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points. Read more here: https://securelist.com/blog/incidents/30613/cascading-false-positives/
In 2012, Kaspersky Lab was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind this campaign.