False-malware allegations ‘meritless’, says Kaspersky Lab
‘No secret campaign to trick competitors,’ Russian cyber-sec firm claims
Allegations that Russian cyber-security firm Kaspersky Lab created false malware designed to embarrass rivals were "meritless and simply false", the company claimed today.
Two former employees told Reuters that the company, and in particular its co-founder Eugene Kaspersky, had ordered the operation because of frustration over rivals copying Kaspersky Lab software. The pair described a long campaign in which a select team of engineers created harmless files that were doctored to look threatening, so that other cyber-sec companies would incorrectly identify them as malicious, quarantine them and, in some cases, damage customer machines as a result.
But Kaspersky Lab claimed there was no basis for the accusations. In an email to ITP.net, the company said: "Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false."
The former employees who spoke to Reuters said the campaign began after the findings of a 2010 experiment by Kaspersky Lab, intended to demonstrate the lax checks and balances within the cyber-security industry, went largely ignored by fellow vendors. In the experiment, several harmless files were created by Kaspersky Lab and submitted to Google's threat-aggregation service, VirusTotal. Within weeks, 14 companies blindly classified these files as dangerous, having done no research to confirm their threat level, it was alleged. According to the ex-employees, when Kaspersky Lab revealed the results of the test, it was disappointed with the lack of steps taken by the industry to counter future errors, and embarked on the false-flag campaign.
Kaspersky Lab confirmed the 2010 experiment had taken place: "We conducted the experiment to draw the security community's attention to the problem of insufficiency of multi-scanner based detection when files are blocked, only because other vendors detected them as being malicious, without actual examination of the file activity (behaviour).
"After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points."
The Russian firm also claims to be a victim of VirusTotal false-flags, in a 2012 incident that affected a number of solutions vendors.
"To resolve this issue, in October 2013, during the VB Conference in Berlin, there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind [the 2012] campaign," the company added.