Eugene Kaspersky: malware sabotage accusations are ‘complete BS’
Allegations published by Reuters claim that Russian firm Kaspersky, which now has roughly 400 million users and 270,000 corporate clients, was engaged in a secret campaign to ruin smaller competitors.
However, Kaspersky, following its open criticism of “copy cats” in the market, designed 10 harmless malware files which it sent to VirusTotal, which in turn regarded them as malicious as per its usual behaviour. Such actions are unethical, dishonest and illegal. The company has reportedly been the target of hacks by both the NSA and its British counterpart, GCHQ, in efforts to subvert its antivirus software, and Kaspersky made few friends in the Western intelligence community after exposing the Stuxnet and Flame viruses used against Iranian nuclear facilities several years ago.
Kaspersky felt that other companies were just copying his work, without offering any contributions of their own, the ex-employees charged.
None of the three companies was able to comment this week on the Kaspersky allegations.
The opportunity for such trickery has increased over the past decade and a half as the soaring number of harmful computer programmes has prompted security companies to share more information with each other, industry experts said.
Kaspersky Lab in 2010 complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent. The modified files then triggered threat-detection heuristics in the reverse-engineered anti-virus programs, causing false positives even in systems without the modified files installed. They would reverse engineer their rival’s software in order to understand how they could be tricked into thinking good files contained malicious code. “Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted”.
Meanwhile, Eugene Kaspersky has taken to Twitter to publicly rubbish the Reuters story. We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior). While researchers report false positives far less frequently today, it is unknown whether the attacks have ended completely. “It is still unclear who was behind this campaign”.