After being accused of creating malware for ten years, Kaspersky today hit back to deny developing these fake viruses to hurt their competition:
“Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky Lab said in a statement provided to SecurityWeek.
“Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false,” the statement continued. “As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others.”
While the Russian security firm defended against the accusations, the company did say that it conducted a one-time experiment in 2010 by uploading samples of non-malicious files to VirusTotal—something that had been made public by the company soon after—and well before being accused in the report from Reuters.
“In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless,” Kaspersky Lab explained. “After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves. We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior).”
I am not sure I buy any of this at all. It just seems too convenient to accuse an anti-virus vendor like Kaspersky of these types of activities. At some point in their life every security vendor is accused of creating malware – it is a standard industry conspiracy theory.
Who stands to gain from Kaspersky’s global reputation taking a hit?
Disclaimer: I work for Intel Security, a Kaspersky competitor.