back to article Kaspersky Lab denies tricking AV rivals into nuking harmless files

Kaspersky Lab deliberately fed bogus malware to its rivals to sabotage their antivirus products, two anonymous former employees allege. Kaspersky says the accusations are false. Reuters reported today that two ex-Kaspersky engineers claim they were tasked with tricking competing antivirus into classifying benign executables …

  1. Anonymous Coward
    Anonymous Coward

    Kaspersky? Reputation?

    An industry rife with evil scum.

    McAfee, Symantec, Kaspersky.

    Yuck, yuck, yuck.

    1. Planty Bronze badge

      Re: Kaspersky? Reputation?

      Not sure I trust any of those snakeoil vendors, every week they spew FUD to try and sell their product.

      They mix real secuity threats with BS ones, pretending they are equal, and always gloss over major mitigating points.

  2. Anonymous Coward
    Anonymous Coward

    Y'heart sinks to y'boots when you read stuff like this

    But keep it up Mr Register.

  3. Anonymous Coward
    Anonymous Coward

    I'm not buying this..

    .. mainly because Kaspersky has been the most straight player of them all with its steadfast refusal to whitelist government spyware (over the last 2 decades or so).

    If it is true at all it would be a local effort - Eugene Kaspersky himself would not stand for these tactics. There is, however, another explanation: this could also be a tactic of the less straight players to get their own warez back in play, with whitelisting and all.

    The problem is, of course, that we don't know either way, but the story doesn't fit the way Kaspersky is directed. It's too out of character, and it's not like Kaspersky needs to resort to these tactics to turn a profit.

    1. Mark 85 Silver badge

      Re: I'm not buying this..

      Go back to the early days of Kaspersky. There was a virus that no one else had caught and suddenly this "unknown" company in Russia hit the mainstream media headlines about detecting it. There was a lot of suspicion in the IT world that Kaspersky created it, launched it on the world, then announced that they "spotted it" and were able to "protect" you from it. A rather nasty critter that virus as I recall.

      But then, the whole industry has had rumors of similar shenanigans...

      1. moiety

        Re: I'm not buying this..

        This whole thing whiffs a bit. Unknown original player? There's lots of reasons to get people to turn their antivirus off. Ex-employees with presumably some disgruntlement. Kasperski certainly would benefit by doing this, but so would lots of other people...even an own-goal against your own company if you could point the finger afterwards.

        I'm just not going to believe a syllable anyone says, I think.

    2. streaky Silver badge

      Re: I'm not buying this..

      It doesn't *sound* right at all from a technical perspective. If it was happening people using alternative products would be making noise about it that's for sure. The core malware samples that engines use to classify code will be guaranteed to be actual malware or the system fails; I can't see this working any other way - why would any vendor trust crapware just because it's uploaded to VT anyway? They wouldn't that's why.

      It might well be true Kaspersky tried it; what is highly suspicious are any potential claims it actually worked.

    3. Anonymous Coward
      Anonymous Coward

      Re: I'm not buying this..

      "Kaspersky... ...steadfast refusal to whitelist [Western] government spyware..."

      What about Putin's spyware?

  4. x 7

    I always found it remarkable how Kaspersky emerged as a company so quickly, considering for how long the export of computer technology to Russia was banned. They effectively appeared as a fully formed business with state-of-art technology in a country that didn't even have PCs. Now I wonder where that technology came from? KGB? Military? Poacher turned Gamekeeper methinks.

    1. streaky Silver badge

      Kaspersky trained at the KGB's hacking school thing, so you know, yes, I guess?

      That said it's not exactly an unusual story in the industry.

    2. Anonymous Coward
      Anonymous Coward

      I always found it remarkable how Kaspersky emerged as a company so quickly, considering for how long the export of computer technology to Russia was banned. They effectively appeared as a fully formed business with state-of-art technology in a country that didn't even have PCs. Now I wonder where that technology came from? KGB? Military? Poacher turned Gamekeeper methinks.

      The guy is a mathematician by training, got into computers at a time where the Russians were barred from having anything powerful and thus learned to be really efficient, and he refused to play ball with other regimes that would like to have their spyware whitelisted. This also happened at a time when Windows was a leaky bucket of crud, so it needed all the help it could get and Internet hacking started to emerge. Two decades later, Windows is still a leaky bucket of crud, by the way.

      Even a nut like McAfee could make money that way, and Kaspersky (and then wife) were reasonable business people to start with. No special treatment needed.

  5. Sanctimonious Prick
    Mushroom

    Ex-Employee?

    Sounds like a three (or four, depending on your region) letter agency to me.

    Remember, Kaspersky pissed off the five eyes by not complying with their requests.

  6. Destroy All Monsters Silver badge
    Paris Hilton

    Somebody is talking fast here.

    It is claimed Kaspersky engineers took harmless Windows operating system files, manipulated them to appear as though they contained malware, and uploaded them to VirusTotal. The aim was to deceive non-Kaspersky antivirus engines into treating those system files as dangerous

    I fail to see how this is possible. If you "manipulate Windows operating system files", they no longer ARE Windows operating files. And how does this deceive other antivirus engines? Does one mark certain strings in those files and tell the other engines "if you see those strings, quarantine the file"? And they do it? In the age of polymorphic virus, no less?

    If you start getting false positives on OS files, then you have a big problem, and it has nothing to do with someone poisoning your well. It's more along the lines of being lazy or not having the right conduit to Microsoft.

  7. Ken Moorhouse Silver badge

    "manipulated them to appear as though they contained malware"

    Genuine question: no axe to grind either way:-

    How would you manipulate a file to make it appear as though it contained malware?

    I can think of three ways:-

    (1) Give it a different name.

    (2) Alter its content.

    (3) Copying it to a different location

    If this were done then it would certainly be a candidate for suspicion, and if such a file were to be quarantined there can be no criticism whatsoever of the vendor that did the impounding: it IS a suspicious file. Ok, impounding a file that had been altered (see (2) above) could brick the host pc, but surely the AV community should be sensible enough not to impound essential files without pointing out the implications first? Ah, maybe THIS is the problem. Well, if it is, maybe Kaspersky should be congratulated for bringing this kind of problem into the open(?)

    So the revised question to be asked is: Who manipulated the file in the ways mentioned above, on the target pc, and how: that is the source of the presumed malware. If the Kaspersky engine were found on all machines that had the suspicious file on them, surely a test can easily be setup to prove that the Kaspersky engine made the change.

  8. Gis Bun

    You know something is wrong when they "attacked" two crappy anti-virus/malware developers [Microsoft and Avast] as well as a semi-crappy one [AVG].

    1. x 7

      why do you call Avast crappy?

      Despite its free offerings, it actually has AV definitions which actually work in real-life, unlike much of the crap on offer elsewhere

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019