
Kaspersky allegedly ran covert campaign to sabotage rival firms

A report has emerged claiming that security firm Kaspersky engaged in trickery aimed at making rivals in its field look bad, although the company itself has strongly denied the accusations levelled.

Anonymous sources who spoke to Reuters claimed that Kaspersky began a secret campaign against competing security firms more than 10 years ago, peaking around 2009 to 2013, in which it tried to get rival security suites to generate false positives: detecting normal files as malware, which in some cases led to those files being quarantined.

Because the files involved were important ones, quarantining them could damage the user's PC; the idea was to damage the reputation of the rival products in question.

The sources said that only a small ring of staff members knew about the covert operation, and that it was conducted because Kaspersky co-founder Eugene Kaspersky believed competitors were copying his software's routines instead of developing their own, which he regarded as "stealing", according to one source.

The companies allegedly targeted included the free antivirus stalwarts AVG and Avast, as well as Microsoft.

In a statement, Kaspersky defended itself, claiming that the allegations had been made by former staff members with an axe to grind.

The firm said: “Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false.”

The company did state that it conducted a "one-time experiment" in 2010 where it uploaded 20 samples of non-malicious files to the VirusTotal multi-scanner, to "draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity.”

Kaspersky said there was nothing underhand about this particular experiment, and that it opened a full discussion with the antivirus industry about the matter afterwards.
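The problem Kaspersky's statement describes, engines that flag a file purely because other engines already flag it, is a feedback loop, and the following toy simulation shows how a single wrong verdict spreads through it. This is an added example written for this page, not code from Kaspersky, VirusTotal or any vendor; the engine names, the split into "analysis" engines (which examine the file themselves, modelled here by the file's true label) and "consensus" engines (which copy others once a threshold is reached), and the threshold values are all hypothetical.

```python
"""Toy model of verdict propagation among antivirus engines (added example; hypothetical engines)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Engine:
    name: str
    mode: str           # "analysis": examines the file itself; "consensus": copies other engines
    threshold: int = 1  # a consensus engine flags once this many other engines flag


def propagate(engines, truly_malicious, seeded_flaggers, max_rounds=20):
    """Iterate verdict copying until no engine changes its verdict.

    Returns (names of engines flagging the file, number of rounds in which a verdict changed).
    """
    flagged = set(seeded_flaggers)
    # Analysis engines decide from the file itself, so they flag only real malware.
    flagged |= {e.name for e in engines if e.mode == "analysis" and truly_malicious}
    changed_rounds = 0
    for _ in range(max_rounds):
        newly = {
            e.name
            for e in engines
            if e.mode == "consensus"
            and e.name not in flagged
            and len(flagged - {e.name}) >= e.threshold
        }
        if not newly:
            break
        flagged |= newly
        changed_rounds += 1
    return frozenset(flagged), changed_rounds


def independently_confirmed(engines, flagged):
    """True only if at least one engine that examined the file itself flags it.

    A blocking policy that requires this cannot be driven by consensus copying alone.
    """
    return any(e.mode == "analysis" and e.name in flagged for e in engines)


# Hypothetical ecosystem: two engines that analyse files, six that copy verdicts.
ENGINES = [
    Engine("A1", "analysis"), Engine("A2", "analysis"),
    Engine("C1", "consensus", 1), Engine("C2", "consensus", 1),
    Engine("C3", "consensus", 2), Engine("C4", "consensus", 3),
    Engine("C5", "consensus", 3), Engine("C6", "consensus", 5),
]


def seeded_false_positive():
    """A clean file on which one consensus engine wrongly fires (the seeded verdict)."""
    return propagate(ENGINES, truly_malicious=False, seeded_flaggers={"C1"})


def real_malware():
    """Genuine malware: the analysis engines flag it and the rest follow."""
    return propagate(ENGINES, truly_malicious=True, seeded_flaggers=set())


if __name__ == "__main__":
    for label, run in (("clean file, one seeded flag", seeded_false_positive),
                       ("real malware", real_malware)):
        flagged, rounds = run()
        print(f"{label}: {len(flagged)}/{len(ENGINES)} engines flag after {rounds} rounds; "
              f"independently confirmed: {independently_confirmed(ENGINES, flagged)}")
```

In the clean-file run a single seeded verdict carries every consensus engine in four rounds, with no engine that actually examined the file agreeing; the `independently_confirmed` check is the kind of gate that separates that case from the real-malware run, where both analysis engines flag the file before anyone copies.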

Rahul Kashyap, Chief Security Architect and SVP of Security & Solutions Engineering at Bromium, commented: “If true, this news is indeed a jolt for the security industry – especially the Anti-Virus industry. The exchange of AV malware samples amongst vendors is based on trust, and this report claims that was breached. The ramifications are quite high – many users suffered in this process with crippled PCs and many firms actually lost business. Besides the huge impact of the claim, there are two other issues this report brings out – the challenges of reliable attribution and the fragility of the anti-virus ‘system’.

"To prove that this story is indeed true, reliable facts need to be presented that provide legit evidence against Kaspersky. I doubt it’ll be easy for anyone to reliably attribute the act directly to Kaspersky (unless the informants did it themselves and stored reliable evidence at the time of the crime). Reliable attribution on the internet is hard and tedious. It’s not like traditional crime.

"This also exposes the fragility of the entire malware sample distribution system. As the report claims – a hole in the system was uncovered and plugged after large-scale damage was observed. The entire Anti-Virus industry is about reacting after damage, this act further proves yet another flaw in the model."