Kaspersky deny allegation of faking malware to undermine competitors

Posted by Geraldine Hunt on Tue, Aug 18th, 2015

Kaspersky Labs is being accused by several anonymous former employees of creating fake malware so that competing anti-virus products  would  flag false positives and be discredited. When it comes to anonymous sources, which makes news less transparent, much caution is required. We reached out to Kaspersky to get some more information.

Kaspersky Labs stringently deny the accusations and provided us with this statement:

“Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such   actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted.

In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves. We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior). https://securelist.com/blog/opinions/30611/on-the-way-to-better-testing/

After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points. Read more here: https://securelist.com/blog/incidents/30613/cascading-false-positives/

In 2012, Kaspersky Lab was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind this campaign.”

According to Ronan Kavanagh CEO at TitanHQ “Kaspersky is an excellent product, we have never had an issue with it, quite the opposite in fact. Of course we have seen false positives, we were targeted by bad samples as were many other security vendors but we would have no visibility on who carried out these  attacks.  The critical thing is that as an industry we work together in fighting back”.

Eugene Kaspersky is not happy about the Reuters piece, and took to Twitter to vigorously deny the claims.

Have you ever had security software return false positives?