Reuters reports antivirus vendor Kaspersky Lab sabotaged competitors by deliberately marking clean files as infected in a worldwide database. The news agency has interviewed two Kaspersky ex-employees who state that Kaspersky targeted Microsoft, AVG and Avast and other rivals.
Kaspersky fooled some their antivirus products into deleting or disabling important files because they falsely marked them as malware. The Russian antivirus developer achieved this by reporting false information to the worldwide used virus database VirusTotal.
The ex-employees even state in the interview that Kaspersky Labs co-founder Eugene Kaspersky recommended the method. He argued that some rivals copied Kaspersky technology instead of developing new technology themselves.
AVG, Avast and Microsoft confirm that unknown parties have tried to sabotage them but didn't comment on who was behind it. Kaspersky Labs also denies the allegations, "our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing," Kaspersky said in a statement to Reuters. "Such actions are unethical, dishonest and their legality is at least questionable."
Co-founder Eugene Kaspersky also responded on Twitter, calling the story ""complete BS" and stating the Reuters journalist, "is an alien missioned to conquer the Earth - Ex-colleagues :)"
I don’t usually read @reuters. But when I do, I see false positives. For the record: this story is a complete BS: https://t.co/m0Rcy2Vm6Y
— Eugene Kaspersky (@e_kaspersky) August 14, 2015
Exclusive! @josephmenn is an alien missioned to conquer the Earth - Ex-colleagues 🙂
— Eugene Kaspersky (@e_kaspersky) August 14, 2015
Update: Kaspersky Lab has sent us a statement:
Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false.
As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted.
In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves. We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior). https://securelist.com/blog/opinions/30611/on-the-way-to-better-testing/
After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points. Read more here: https://securelist.com/blog/incidents/30613/cascading-false-positives/
In 2012, Kaspersky Lab was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind this campaign.
