Sci-Tech

Kaspersky firm faked malware to harm rivals

Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees.They said the secret campaign targeted Microsoft Corp , AVG Technologies NV , Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers` PCs.Some of the attacks were ordered by Kaspersky Lab`s co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology, they said."Eugene considered this stealing," said one of the former employees. Both sources requested anonymity and said they were among a small group of people who knew about the operation.Kaspersky Lab strongly denied that it had tricked competitors into categorizing clean files as malicious, so-called false positives."Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing," Kaspersky said in a statement to Reuters. "Such actions are unethical, dishonest and their legality is at least questionable."Executives at Microsoft, AVG and Avast previously told Reuters that unknown parties had tried to induce false positives in recent years. When contacted this week, they had no comment on the allegation that Kaspersky Lab had targeted them.The Russian company is one of the most popular antivirus software makers, boasting 400 million users and 270,000 corporate clients. Kaspersky has won wide respect in the industry for its research on sophisticated Western spying programs and the Stuxnet computer worm that sabotaged Iran`s nuclear program in 2009 and 2010.The two former Kaspersky Lab employees said the desire to build market share also factored into Kaspersky`s selection of competitors to sabotage."It was decided to provide some problems" for rivals, said one ex-employee. "It is not only damaging for a competing company but also damaging for users` computers."The former Kaspersky employees said company researchers were assigned to work for weeks or months at a time on the sabotage projects.Their chief task was to reverse-engineer competitors` virus detection software to figure out how to fool them into flagging good files as malicious, the former employees said.The opportunity for such trickery has increased over the past decade and a half as the soaring number of harmful computer programs have prompted security companies to share more information with each other, industry experts said. They licensed each other`s virus-detection engines, swapped samples of malware, and sent suspicious files to third-party aggregators such as Google Inc`s VirusTotal.By sharing all this data, security companies could more quickly identify new viruses and other malicious content. But the collaboration also allowed companies to borrow heavily from each other`s work instead of finding bad files on their own.Kaspersky Lab in 2010 complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent.In an effort to prove that other companies were ripping off its work, Kaspersky said it ran an experiment: It created 10 harmless files and told VirusTotal that it regarded them as malicious. VirusTotal aggregates information on suspicious files and shares them with security companies.Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky`s lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.When Kaspersky`s complaints did not lead to significant change, the former employees said, it stepped up the sabotage.