Did Kaspersky Try To Deceive Its Competitors By Faking Malware?
If an exclusive report from Reuters is to be believed, Kaspersky Lab, the international software security group headquartered in Russia was involved in a secret campaign to harm its competitors’ reputation. Reuters interviewed two former employees and found out how Kaspersky was out to malign smaller names in the security software market with the help of a closely guarded campaign. The whole story that was narrated the ex-employees who wished to remain anonymous reads out like the classic “good guy goes bad†storyline. At the beginning of this decade, anti-virus companies decided to share malware information among them. This meant the launch of websites such as VirusTotal where one security software maker could put up its findings about a new threat for others to see and find a solution. Kaspersky, which is one of the oldest names in the business, was quite sceptical of the whole initiative.
The company founder, Eugene Kaspersky believed that sharing information was making certain companies lazy as they were relying on findings of other companies instead of setting out to find threats in the wild. The company decided to do something about it. It created ten harmless files and sent them to the aggregator website, VirusTotal labelling them as malicious. The funny thing was that more than ten software security companies blindly followed Kaspersky claims and had their products mark them as malware even without checking them with their detection mechanism. Kaspersky made these details public in a press conference hoping that other anti-virus companies change their policies but its voice went unheard. This is when Kaspersky decided to go in a different direction.
One of the employees interviewed by Reuters said that he had been employed for months at a time to reverse engineer virus detection mechanisms of other anti-virus companies and find out ways to trick them into thinking that harmless files were malicious. The second employee gave a detailed account of another technique employed by Kaspersky where its engineers would select commonly found software and inject it malware. This altered file which looks and behaves as the useful software would be sent anonymously to VirusTotal who would share it among other companies. The companies then would run it in their detection software and find it to be malicious. The companies then would instruct their software products to either quarantine or delete these files.
Microsoft's antimalware research director, Dennis Batchelder, confirms this fact by stating an example from 2013 where a printer code was marked as malicious as the knowledge base on the same software marked it as a malware. After reports surfaced, Kaspersky Lab vehemently denied these accusations that it was involved in any of such activities.
For more information you can refer to the article on #-Link-Snipped-# and its coverage on #-Link-Snipped-#
The company founder, Eugene Kaspersky believed that sharing information was making certain companies lazy as they were relying on findings of other companies instead of setting out to find threats in the wild. The company decided to do something about it. It created ten harmless files and sent them to the aggregator website, VirusTotal labelling them as malicious. The funny thing was that more than ten software security companies blindly followed Kaspersky claims and had their products mark them as malware even without checking them with their detection mechanism. Kaspersky made these details public in a press conference hoping that other anti-virus companies change their policies but its voice went unheard. This is when Kaspersky decided to go in a different direction.
One of the employees interviewed by Reuters said that he had been employed for months at a time to reverse engineer virus detection mechanisms of other anti-virus companies and find out ways to trick them into thinking that harmless files were malicious. The second employee gave a detailed account of another technique employed by Kaspersky where its engineers would select commonly found software and inject it malware. This altered file which looks and behaves as the useful software would be sent anonymously to VirusTotal who would share it among other companies. The companies then would run it in their detection software and find it to be malicious. The companies then would instruct their software products to either quarantine or delete these files.
Microsoft's antimalware research director, Dennis Batchelder, confirms this fact by stating an example from 2013 where a printer code was marked as malicious as the knowledge base on the same software marked it as a malware. After reports surfaced, Kaspersky Lab vehemently denied these accusations that it was involved in any of such activities.
For more information you can refer to the article on #-Link-Snipped-# and its coverage on #-Link-Snipped-#
0