Kaspersky Lab and FireEye have both seen the security of their products questioned by researchers. (Reuters/Sergei Karpukhin)

Moscow-based antivirus developer Kaspersky Lab has found itself at the center of accusations by two former employees who say the company misled the antivirus community into inserting false positives into its rivals’ software.

According to Reuters, Kaspersky engineers would take important software files found on most PCs, distort them to make them look like malware, and submit them anonymously to Google’s VirusTotal malware aggregator. Third parties look to aggregators like these to keep their software up to date, relying on community knowledge to keep consumers safe from the latest threats. Because these files looked so similar to the originals, Kaspersky would be able to trick rivals into falsely identifying important software files as malware.

Kaspersky Lab reportedly began this campaign more than a decade ago, peaking between 2009 and 2013, but it strongly denies the allegations. “Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky said in a statement to Reuters. “Such actions are unethical, dishonest and their legality is at least questionable.”

The employees charge that co-founder Eugene Kaspersky ordered some attacks himself, partly to retaliate against smaller rivals.

The employees say researchers would reverse-engineer rival software to try and work out how to produce false positives. In 2010, Kaspersky Lab publicly denounced rivals it saw as copying its product, uploading totally harmless files to VirusTotal to show how blindly rivals follow its lead. Within a week and a half, 14 security companies had declared Kaspersky’s harmless files to be dangerous.

Executives at Avast, AVG and Microsoft, three major antivirus developers, previously complained about false positives in the community. Speaking to Reuters in April, a former chief technology officer at AVG, Yuval Ben-Itzhak, said: “There were several waves of these samples, usually four times per year. This crippled-sample generation lasted for about four years. The last wave was received at the beginning of the year 2013.”

None of the three companies was able to comment this week on the Kaspersky allegations. VirusTotal was also unable to immediately comment.

Kaspersky is one of the world’s biggest anti-malware companies, with annual revenue reportedly exceeding $700 million and 400 million users worldwide. In June, Kaspersky found itself a victim of hacking by malware that was found to be using digital signatures from Foxconn. The Duqu 2.0 virus that attacked the company was also used to hack into hotels where the Iran nuclear negotiations were being held.