It's not a great day for Russia-based Kaspersky Lab, as some of its former employees have come forward (anonymously) with information indicating that the company conducted some dastardly deeds. Ultimately, it's said that Kaspersky wanted to harm its competitors because they wouldn't stop stealing its work.
The allegation is that Kaspersky Lab had select employees purposely inject bad code into normal, common files, so that its competitors could pick them up as malicious, and in the worst case, delete them from a user's PC. That could result in broken software or perhaps even a broken operating system.
This was made possible with the help of Google's VirusTotal service, although Google is not at fault here. VirusTotal is the result of collaboration between different anti-virus makers; each one of them can submit an infected file to the service, mark it as malicious, and let other anti-virus makers absorb that information into their own solutions. Apparently, a couple of them did just that.
In particular, these employees say that the biggest target was Microsoft, but that the company also targeted AVG and Avast. Kaspersky is adamant that it is innocent, saying to Reuters, "Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and their legality is at least questionable."
While he doesn't call out Kaspersky directly, Microsoft's antimalware research director Dennis Batchelder did have an experience to relay. In March of 2013, users complained about a printer-related file being put into quarantine, and after some research, the company found that the code in the file looked similar to another one that it previously added to its detection engine as malicious. He says that the root cause of this was someone injecting bad code into a normal file, obviously to target this file in particular.
Kaspersky defends itself by saying that it experienced a similar attack, if you want to call it that, in November of 2012, when an "unknown" third party tricked its own detection engine into misclassifying select regular files, including some related to Valve's Steam client.
It's hard to tell where this is going to go, as all of the "victim" companies are keeping mum right now. If there's an upside to any of this, it's that this kind of trick is harder to pull off, as anti-virus makers have become a bit less trusting of their competitors, and as a result are working harder on their own solutions without the help of those same competitors.