Two former employees of Moscow-based security firm Kaspersky Labs claim the company ran a campaign with the intention of damaging rivals by tricking their anti-virus software to generate false positives. Co-founder Eugene Kaspersky reportedly ordered some of the attacks, with the intention of retaliating against smaller rivals that he felt were stealing technology from his software instead of developing their own.
The anonymous sources claim the secret operation targeted Microsoft, AVG Technologies, Avast Software and other rivals, and note Kaspersky researchers were sometimes assigned to work for weeks or months at a time on the sabotage projects. The goal was to reverse engineer competing anti-virus detection software to figure out ways to fool them into flagging (and deleting) good and important files as malicious.
For instance, one technique was to inject bad code into an important file commonly found on Windows PCs to make it look like it was infected. The doctored file would then by submitted anonymously to Google's VirusTotal, a third-party aggregator used for sharing data with other security companies.
Competitors ran the doctored file through their virus detection engines, which would then flag not only the doctored file but also the original file as potentially malicious because both files looked so much alike.
The former employees said Kaspersky Lab manipulated false positives off and on for more than 10 years, with the peak period between 2009 and 2013.
It is not clear if the attacks have ended, though security executives say false positives are much less of a problem today.
That is in part because security companies have grown less likely to accept a competitor's determinations as gospel and are spending more to weed out false positives.
Kaspersky strongly denies the allegations, calling such actions "unethical, dishonest and of questionable legality". Furthermore, the Moscow-based security firm claims it fell victim to a similar attack in November 2012 when an unknown third-party manipulated Kaspersky into flagging files from Tencent, Mail.ru and Steam as malicious.
Microsoft, Avast and AVG confirm they've fallen victim to faked malware attacks but declined to comment on any role Kaspersky may have played in this.
Full details at Reuters.