Reportedly, Kaspersky has been accused of making malware for more than ten years — The firm tricked other antiviruses into labeling it as infected.
Last time when Kaspersky was in the news it was about its relationship with Facebook so it can help the users identify and remove malware from their computers. Now, the firm is in the news for all the wrong reasons.
As per the claim of two ex-employees of Kaspersky, the malware attack was actually conducted to penalize emerging rivals firms for “stealing” its technology.
Basically, the attack worked like this: The antivirus firm Kaspersky would insert codes that looked dangerous into the software’s common pieces. Later, it would anonymously submit malware aggregator files to platforms like Google’s VirusTotal.
The competitors used to add the malware to their detection engines and would mistakenly flag the actual files due to the similarity of codes. Eventually, Kaspersky started targeting big-shot rivals like Avast, Microsoft, and AVG.
The companies involved in this hoax did not comment on the allegations for which Kaspersky is being accused of. However, all these firms had previously informed Reuters about an unknown third party that was trying to mislead them into marking false positives.
Allegedly, Kaspersky researchers worked for “weeks to months” on this project and just a small group of employees/researchers knew about this trickery, which peaked from 2009 to 2013.
Kaspersky has rejected all these claims and said in a statement that:
“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. Such actions are unethical, dishonest and their legality is at least questionable.”
However, Kaspersky did acknowledge the fact that it had performed a test with the collaboration of a computer magazine. The test involved assigning clean files a bogus threat level just to show the ease and convenience with which false positives are added without proper testing by the cyber security firms.
— Eugene Kaspersky (@e_kaspersky) August 14, 2015
According to Kaspersky, this test was documented publicly immediately and competitors were also informed about it to prevent any such mishap from actually occurring.
On the other hand, Reuters reports that Kaspersky sustained this practice and later on modified common files to trick other virus scanners into considering them as malicious and uploading them on malware tracking databases.
Kaspersky is a Moscow-based firm that creates the most famous and widely computer security software. It is counted among the best and largest Internet security firms around the world. The firm is largely known for its top-notch and highly reliable antivirus software.
Report typos and corrections to firstname.lastname@example.org