In what would come as a rather insane tactic of curbing competition (not that it hasn’t be employed earlier, but still !), a Reuters report now states, that Kaspersky Lab, the highly-regarded Russian anti-virus maker reportedly faked a malware of its own, to fool competitor anti-virus programs into marking it as infected.

The revelation came when Reuters spoke to two former employees of one of world’s largest security company. The malware, though benign, was reportedly spread into systems to harm competitors and fool their softwares around into marking it infected.

And this ‘secret campaign’ run by Kaspersky targeted some of the biggest names in the Anti-Virus segment, including the likes of Microsoft Corporation (Windows Defender and Security Essentials), AVG Technologies NV (AVG.N), Avast Software and other rivals. More importantly though, while Kaspersky created this to fool its competition, the malware in turn damaged customers, as other anti-virus programs deleted certain core system files in a bod to remove that ‘fake infection’.

And while that wasn’t enough, this is what former employees told Reuters about Kasperky co-founder Eugene Kaspersky’s involvement in this scandal,

Some of the attacks were ordered by Kaspersky Lab’s co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology.

The employees obviously spoke on the condition of anonymity, saying that they were among a small group of people who were involved in this fake malware stuff.

Those ex-employees further told Reuters, that the ‘desire to build market share’ also factored into Kaspersky’s selection of competitors to sabotage.

It was decided to provide some problems,

said one ex-employee.

It is not only damaging for a competing company but also damaging for users’ computers.

The former Kaspersky employees said company researchers were assigned to “work for weeks or months at a time” on the sabotage projects.

So how did this ‘fake malware actually work ?

In lieu of a massive surge in number of computer viruses roaming around in our systems, world’s biggest anti-virus companies continuously share data with each other to provide better protection to your systems. These companies license each other’s virus-detection engines, and sent suspicious files to third-party aggregators such as Google Inc’s VirusTotal. Virustotal is Google’s engine which records all instances of such malicious and suspicious files.

However, Kaspersky, following its open criticism of ‘copy cats’ in the market, designed 10 harmless malware files which it sent to VirusTotal, which in turn regarded them as malicious as per its usual behaviour. As a result, those files were immediately declare ‘extremely harmful’ by as many as 14 anti-virus companies, who were blindly following Kaspersky’s presentation on the same, given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.

However, even after this, when Kaspersky’s injection did not yield results, the company ‘stepped up the sabotage’, say former employees.

We have contacted Kaspersky for a comment, but are yet to receive a response.

However, this entire report, even if it eventually turns out to be false, does lead us to ponder, as to whether companies can get to such low standards to get a larger share of market. Let me know what you think of this in the comments, would be really glad to know your viewpoints.

Meanwhile, this is what Eugene Kaspersky has to say :


UPDATE :

Kaspersky has now issued an official statement on the Reuters story, wherein the company says, that while it did conduct a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, the company made it public and provided all the samples used to the media so they could test it for themselves.

Here’s the full statement :

“Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted.

“In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves. We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior). https://securelist.com/blog/opinions/30611/on-the-way-to-better-testing/. After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points. Read more here:https://securelist.com/blog/incidents/30613/cascading-false-positives/

“In 2012, Kaspersky Lab was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind this campaign.”


 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.