Campaign targeted Microsoft, AVG, and Avast

Aug 15, 2015 09:17 GMT

Two former employees of Kaspersky Lab, a Russian antivirus company, have disclosed details about a shadow project which had them create fake malware so the company's competitors would detect original software as infected, Reuters reports.

While the two employees asked to remain anonymous, they did not refrain from spilling the beans on a covert operation that Eugene Kaspersky, Kaspersky Lab's CEO, had personally ordered.

According to their statements, this smear campaign has been going on for over 10 years, hitting its peak between 2009 and 2013.

The whole affair started when Mr. Kaspersky felt other companies were making a profit off his work, after multiple companies on the AV market introduced various collaboration pacts to help spread information about viruses, malware, and cyber-crime campaigns.

VirusTotal was used as a hub for spreading false malware to other AV engines

In an effort to discredit his competitors, he created a shadow department in his company, tasked with creating fake malware, which was then anonymously submitted to VirusTotal.

There, other companies would pick it up and use the information to mark legitimate software as infected, often quarantining or deleting non-infected software.

This was achieved by reverse-engineering the scanner engines of its competitors, and then injecting dangerous-looking code inside a legitimate program, enough to trigger a false positive in the engine of a targeted competitor.

According to Reuters, most of the campaign was carried out against Microsoft, AVG and Avast.

There is also the 2010 incident

What makes this Reuters report more credible is an incident in 2010 when Kaspersky Lab created 20 samples of non-malicious files which it submitted to VirusTotal.

At that time, Kaspersky said it was only an experiment to showcase the number of industry copycats, AV engines that piggy-backed on Kaspersky's work, without even verifying the findings on their own.

The Kaspersky experiment showed how 14 other AV engines used the Kaspersky data without even bothering to investigate it, something that Kaspersky considered theft of intellectual property.

The two employees interviewed by Reuters confirmed the company's fake malware campaign intensified after this experiment, when the industry did not react to change the way malware samples were shared between AV engines.

Kaspersky Lab reaction

Confronted by the release of the Reuters article, Kaspersky issued an official press release.

Its CEO also posted a response on his blog, saying the Reuters article was "filled with sensational - false - allegations."

"Disgruntled ex-employees often say nasty things about their former employers, but in this case, the lies are just ludicrous," he added.

"Maybe these sources managed to impress the journalist, but in my view publishing such an 'exclusive' - WITHOUT A SHRED OF EVIDENCE - is not what I understand to be good journalism."  
