Here’s a crazy report: Kaspersky Lab, makers of a popular antivirus service, might have created fake malware for over ten years to harm its competitors. The software was benign, but Kaspersky fooled other antivirus software into marking it as infected.
Two ex-employees told Reuters that the clandestine attack was originally meant to punish smaller rivals that Kaspersky felt were ‘stealing’ its technology.
It basically worked like this: Kaspersky would inject dangerous-looking code into common pieces of software. It would then anonymously submit the files to malware aggregators such as Google-owned VirusTotal. When competitors added the malware to their detection engines, they’d mistakenly flag the original files because of the similar code.
The hoax job eventually included large rivals such as Microsoft, AVG and Avast. These companies had no comment on the Kaspersky allegation, but had previously informed Reuters of an unknown third party trying to trick them into marking false positives.
Reuters’ sources claim they were part of just a small group of people who know about the sabotage, which peaked from 2009 to 2013. Kaspersky allegedly had researchers working from “weeks to months” on the project.
Kaspersky, for its part, denied the claims:
“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and their legality is at least questionable.”
Reuters’ sources did not say if they believed the supposed sabotage is ongoing. For more on the allegations, check out the source link below.
Update: Eugene Kaspersky is not happy about the Reuters piece, and took to Twitter to deny the claims.
I don’t usually read @reuters. But when I do, I see false positives. For the record: this story is a complete BS: https://t.co/m0Rcy2Vm6Y
— Eugene Kaspersky (@e_kaspersky) August 14, 2015
Exclusive! @josephmenn is an alien missioned to conquer the Earth – Ex-colleagues :)
— Eugene Kaspersky (@e_kaspersky) August 14, 2015
Of course we make false positives. In banya, then riding bears to the beach. We have an fp factory 6 miles north of the Kremlin
— Eugene Kaspersky (@e_kaspersky) August 14, 2015
➤ Exclusive: Russian antivirus firm faked malware to harm rivals – Ex-employees [Reuters]
Get the TNW newsletter
Get the most important tech news in your inbox each week.