The Kaspersky source code that recently made its way onto public websites was leaked by a former employee of the antivirus vendor who
is already serving a prison sentence received a suspended prison sentence for intellectual property theft.
Yesterday, we reported about the complete source code of an older Kaspersky product being available on publicly accessible torrent and file hosting sites.
The code was last modified in December 2007 and judging by the directory tree it probably corresponds to a beta version of Kaspersky Internet Security 8.0.
Russian technology publication CNews quotes [Google translation] a Kaspersky Lab spokesperson, according to whom a former employee with legitimate access to the source code stole it in early 2008.
It's not clear if he did it out of revenge or entirely for profit, but he ended up offering it for sale on the black market.
The former worker was subsequently arrested and sentenced to three years
in jail, to be followed by another three of supervised release of suspended prison time.
Kaspersky claims the security of its current products is not at risk because they only contain a small part of the leaked code which doesn't concern protection functions.
It is likely that having knowledge of the leak for almost two years, the company rewrote the most critical parts of the code and made significant changes to its technology.
In addition, the vendor was aware the leaked sources were being distributed on private forums since November 2010, so it probably anticipated a full-blown public exposure.
People should be aware that even if publicly available, the source code remains the intellectual property of Kaspersky Lab and downloading, distributing or using it without consent is illegal.
The company has yet to respond to our inquiries or issue a public statement in English. We will keep you up to date with new information when it becomes available.
Updated January 31, 2011: Kaspersky Lab has issued a statement clarifying that its former employee received a three-year suspended prison sentence for his actions and warning everyone against downloading the publicly available source code. Read more here.