All’s fair in love and war, but business is supposed to have rules. Just don’t tell that to Eugene Kaspersky, the founder of cyber security giant Kaspersky Lab, who believes in making up his own rules according to a couple of ex-employees.
Two former employees have come out this week to claim that Kaspersky Lab had a long-term program in place to develop malware that would damage rival security firms by tricking their antivirus programs into classifying normal files as malicious.
The ex-Kaspersky employees say the long-term campaign targeted Microsoft, AVG Technologies, Avast Software and other rivals, and successfully tricked a number of them into deleting or damaging files on their customers’ devices.
Apparently, a few of the malware programs were specifically ordered by co-founder Eugene Kaspersky to get revenge on up and coming rivals he felt had copied his software instead of developing their own.
Statement from Kaspersky Lab
In a statement on Friday, Kaspersky Lab denied that it had ever tricked competitors into making false positives.
“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky noted in its statement. “Such actions are unethical, dishonest and their legality is at least questionable.”
More on alleged Kaspersky Lab malware targeting rivals
Microsoft, AVG and Avast have complained to both the media and government authorities that unknown parties had been trying to create false positives for several years now. When contacted by Reuters, they had no comment on the recent allegations from ex-employees that Kaspersky Lab had been spoofing them.
The two former employees also noted that the desire to increase market share was a part of Kaspersky’s choice of competitors to sabotage.
“It was decided to provide some problems” for rivals, one of the sources commented. “It is not only damaging for a competing company but also damaging for users’ computers.”
The ex-employees said just a few researchers were assigned to work on the rival malware projects to maintain secrecy.
They were working to reverse-engineer the virus detection software of rivals to determine how to fool them into identifying good files as malicious files.
Cybersecurity industry analysts point out that the opportunities for this kind of sabotage have grown dramatically over the last 15 years as cyber security companies have begun sharing more information with each other. The last decade has seen these firms cross licensing virus-detection engines, exchanging samples of malware and forwarding suspicious files to third-party aggregators such as Google’s VirusTotal.
Security companies could more quickly identify new viruses and other malicious content with this kind of cooperative sharing. However, the collaboration also led to a few firms “borrowing” heavily from others instead of developing their own techniques.
Kaspersky Lab first began complaining about copycats in 2010, and called for respect intellectual property as data-sharing became the norm in the industry.
In fact, in early 2010 Kaspersky ran an experiment where it created 10 harmless files and told VirusTotal that it regarded them as malicious. In just over a week, all 10 files were declared dangerous by 14 security companies that had blindly followed Kaspersky’s lead, based on a presentation by senior Kaspersky analyst Magnus Kalkuhl at the end of January 2010.
However, when Kaspersky’s complaints did not lead to any real change in the industry, that was when Kaspersky started getting serious about its sabotage campaign, according to the ex-employees.