Apparently, Kaspersky created malware to harm rival Anti-Virus firms

Two former employees of Moscow-based Kaspersky Lab, have revealed that the firm tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious.

According to them, the highly secret campaign targeted Microsoft Corp., AVG Technologies NV, Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers’ PCs.

Some of the attacks were ordered by Kaspersky Lab’s co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology, they said.

Both sources who have requested anonymity said they were among a small group of people who knew about the operation.

Kaspersky Lab strongly denied that it had tricked competitors into categorizing clean files as malicious, so-called false positives.

“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky said in a statement.

“Such actions are unethical, dishonest and their legality is at least questionable.”

Kaspersky is one of the most popular antivirus software makers, boasting 400 million users and 270,000 corporate clients. It has won wide respect in the industry for its research on sophisticated Western spying programs and the Stuxnet computer worm that sabotaged Iran’s nuclear program in 2009 and 2010.

The former Kaspersky employees said company researchers were assigned to work for weeks or months at a time on the sabotage projects among which their chief task was to reverse-engineer competitors’ virus detection software to figure out how to fool them into flagging good files as malicious.

Kaspersky Lab in 2010 complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent.

In an effort to prove that other companies were ripping off its work, Kaspersky said it ran an experiment: It created 10 harmless files and told VirusTotal that it regarded them as malicious. VirusTotal aggregates information on suspicious files and shares them with security companies.

Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky’s lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.

When Kaspersky’s complaints did not lead to significant change, the former employees said, it stepped up the sabotage.

[Via]