Former Employees Accuse Kaspersky Lab of Faking Malware

An anonymous reader writes: Reuters reports that two former employees of Moscow-based Kaspersky Lab faked malware to damage the reputations of their rivals. The alleged campaign targeted Microsoft, AVG, Avast, and others, tricking them into classifying harmless files as viruses. The ex-employees said co-founder Eugene Kaspersky ordered some of the attacks as retaliation for emulating his software. The company denied the allegations, and Kaspersky himself reiterated them, adding, "Such actions are unethical, dishonest and their legality is at least questionable." The targeted companies had previously said somebody tried to induce false positives in their software, but they declined to comment on the new allegations. "In one technique, Kaspersky's engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal." The alleged attacks went on for more than 10 years, peaking between 2009 and 2013.

  • There don't seem to be very many good free alternatives other than microsoft's default package. I've wondered if it's possible for me to make my own security system, but I've never given it a good amount of thought.

    If classification is the name of the game, couldn't you use some machine learning techniques based on what malware does and write your own classifier?

    • by idbeholda ( 2405958 ) on Friday August 14, 2015 @01:08PM (#50317797) Journal
      http://tot-ltd.org/techinf.htm... [tot-ltd.org]

      Project I've been working on for the past 15 years. Take it or leave it.
    • by TWX ( 665546 )

      There don't seem to be very many good free alternatives other than microsoft's default package. I've wondered if it's possible for me to make my own security system, but I've never given it a good amount of thought.

      If classification is the name of the game, couldn't you use some machine learning techniques based on what malware does and write your own classifier?

      If I remember right Thunderbyte Antivirus did something much like that. At some point Thunderbyte was bought-out and I honestly have no idea what happened after that.

      In my opinion, the best approach for malware that is pulled-in by the user is to restrict what the user can do to the computer. Yes, that means annoying issues installing software such that a privileged account has to be logged into, but it also means that if the user makes serious mistakes the solution is to back up their non-executable d

      • In regards to Thunderbyte, they were acquired by Norman ASA (www.norman.com). In 2014, Norman ASA was acquired by AVG.

      • by dcollins117 ( 1267462 ) on Friday August 14, 2015 @01:49PM (#50318159)

        A hacker can really screw with someone without elevating to admin. All the juicy stuff is in the user accounts anyway. In a few seconds they can get your financial information, passwords, email contacts, the screenplay you're working on, any photos of an adult nature that happen to be there...

        In contrast, the admin account is quite dull. You already know what's on that. I get the point that once you get admin you can install your badware and stick around for a while, but once you've got all the really good stuff in the user accounts, why bother?

    • by znrt ( 2424692 )

      There don't seem to be very many good free alternatives other than microsoft's default package.

      at risk of stating the obvious ... er ... linux? :)

      I've wondered if it's possible for me to make my own security system, but I've never given it a good amount of thought.

      it's possible. it's also hard. start giving it some good amount of thought and stop making yourself a target by using the 'default package'. it will be easier from there ...

    • by Ungrounded Lightning ( 62228 ) on Friday August 14, 2015 @01:48PM (#50318155) Journal

      There don't seem to be very many good free alternatives other than microsoft's default package.

      Signature-based anti-malware solutions require an industrial-scale operation to identify new threats and add them to the signatures. That's very costly: Those workers have to eat, so they have to be paid somehow.

      Since Microsoft is pretty much the only company with a revenue stream that is substantially improved by protecting Microsoft systems generally, it is similarly pretty much the only operation that can profit by spending such industrial-scale money deploying new defences "for free".

      But there are still a few who find ways to make it possible. One of the best after-infection malware-removal tools out there is Malwarebytes. They distribute a stripped-down, manually-operated, nagware version of their product for free, in the hopes that you'll subscribe to the full-function version (to get additional functionality, including automated scheduled execution, and/or spare your attention from constantly closing their popups that covered your working window. B-) )

      • by donak ( 609594 )

        I've been using MalwareBytes (as suggested above) then installing Comodo Internet Security http://comodo.com/ [comodo.com] (free for personal use) if needed, and finally CCleaner from Piriform http://piriform.com/ [piriform.com] to rescue people's PCs after disaster has struck.
        I'm thinking of making it a standard "pack" of software for anyone who asks at the Library where I volunteer.

    • DIY _really_ isn't an option for anti-virus. You can get some protection by having good backups, good host security such as SELinux, and maybe even a host-based IDS similar to Tripwire watching for any changes, but AV (scanning files looking for potentially malicious ones) is a big, big job. Lots of things are DIY, but AV isn't one of them.

      I just started work for a company that does something related. We have a full time TEAM of people just entering new threats all day long. Another team maintains the back

    • by mattb47 ( 85083 )

      Microsoft Security Essentials / Windows Defender has been falling behind for years now. It used to be pretty good. But now, it unfortunately doesn't catch a lot of newer malware. Microsoft dropped the ball and stopped putting the proper R&D into their product.

      Bitdefender Free is my new favorite these days:
      http://www.bitdefender.com/sol... [bitdefender.com]

      Fast, effective, and low impact. Bitdefender Free is not free for commercial use, however. And they don't have a free version that supports Windows 10 yet. Bitdefende

  • by Frosty Piss ( 770223 ) * on Friday August 14, 2015 @01:11PM (#50317819)

    It would not surprise me if *ALL* so-called antivirus software companies did this, with very few exceptions.

    • You know, Burke, I don't know which species is worse. You don't see them fucking each other over for a goddamn percentage. - Ripley
    • It would not surprise me if *ALL* so-called antivirus software companies did this, with very few exceptions.

      What?!! Don't you know that "Such actions are unethical, dishonest and their legality is at least questionable"?

    • Every year it's about one of them doing something similar. I love Kaspersky, why you ask? It finds what others don't, it's developed in the wild west where everyone hacks everyone aka Russia. So you know it's better than our stuff and I have yet to see a KGB type exploit exposed and used by 3rd parties unlike our (us and gov) exploits that are found and used all the time by hackers. You also hear results from it, for example "all the computers but the Kaspersky and Bitdefender, etc... computers got the virus" w
      • by rtb61 ( 674572 )

        Finding computer virii that others don't can also be pretty suspicious. They obviously have copies of each others' software and they obviously are quite capable of coding computer virii, in fact they all claim to know more about them than anyone else. So crafting one to get past the competition and infect as many computers as possible would be one of the best possible marketing strategies.

        Not that I would suspect Kaspersky Labs ahead of the others. I would honestly place all software security companies in th

  • >> chief task was to reverse-engineer competitors' virus detection software to figure out how to fool them into flagging good files as malicious

    Why is this a bad thing? This is pretty much what a large chunk of the "grey hatter" world does on a regular basis (figure out how to trick AV). Shouldn't we be cheering on a little AV-on-AV competition instead of letting them all group-think themselves into a pool of mediocre results?

    (This is also why running different AV engines in your network has general

    • by Anonymous Coward

      AV companies are supposed to be the "good guys" working towards "making the world a safer place". They have an image to maintain.

      Their software runs with full privileges on millions of computers and is permanently connected to the Internet.
      If they turn out to be your run-of-the-mill evil company run by rotten people, then how could you possibly trust them to protect you?

      I don't want Kaspersky's crap anywhere near my machines if they can't even be trusted to cooperate with their own colleagues.

      • >> run-of-the-mill evil company run by rotten people

        I didn't realize Symantec or Trend Micro were good companies run by nice people. Maybe McAfee could be a character witness for them. :)

        >> how could you possibly trust them to protect you?

        If a "security" company doesn't have the technical expertise to figure out the difference between real and fake viruses (as it seems a number of these companies couldn't), I'm not sure how much protection they're offering anyway. I guess I'd rather watch t

        • >> run-of-the-mill evil company run by rotten people

          I didn't realize Symantec or Trend Micro were good companies run by nice people. Maybe McAfee could be a character witness for them. :)

          >> how could you possibly trust them to protect you?

          If a "security" company doesn't have the technical expertise to figure out the difference between real and fake viruses (as it seems a number of these companies couldn't), I'm not sure how much protection they're offering anyway. I guess I'd rather watch the egress traffic from the software of the technically-savvy company than sleep knowing I got my AV software from the brightly-colored company who bought me a steak dinner at the conference.

          There is no McAfee any longer. It is now Intel Security.

          I actually find Bitdefender Free to be a better alternative to Microsoft's free package. It's about as lightweight and finds stuff MS's misses. And it's free.

      • by rch7 ( 4086979 )

        How dumb would it be to trust KGB guys to do anything in your computer in the first place?
        "There is no such thing as a former KGB man" - V. Putin. They all cooperate with their authorities. Even if somebody did not want to, they are obliged to do that if they want to do business in Russia and stay alive.

      • They have an image to maintain.

        Kaspersky is run by ex-KGB men. What would possibly go wrong?

        (Yeah, yeah. I know here on Slashdot the NSA and CIA are one-thousand times worse than the KGB and GRU ever were, but spare me.)

    • >> chief task was to reverse-engineer competitors' virus detection software to figure out how to fool them into flagging good files as malicious

      Why is this a bad thing? This is pretty much what a large chunk of the "grey hatter" world does on a regular basis (figure out how to trick AV). Shouldn't we be cheering on a little AV-on-AV competition instead of letting them all group-think themselves into a pool of mediocre results?

      (This is also why running different AV engines in your network has generally been a good defense-in-depth measure in the past...I don't WANT them all to agree.)

      Because those files belonged to end users, Kaspersky was using their competitors' software as malware.

    • by cdrudge ( 68377 ) on Friday August 14, 2015 @02:32PM (#50318413) Homepage

      Because it's not a little AV-on-AV competition. Competition is when companies push each other to try to improve their product over the others, not purposefully throwing more hurdles in the way of the competitor.

      If they did what was accused, they maliciously submitted false information that would be shared around the industry because they knew the competition would detect it as an infected file. It didn't improve Kaspersky's accuracy, nor did it help the accuracy of anyone else's scanner detecting real threats. It only resulted in competitors looking bad for false positives, and having to spend additional efforts filtering samples.

  • by Anonymous Coward

    If you could only install one you'd be better off installing an ad blocker than an anti-virus product.

    People telling you different are trying to sell you something :)

    • People telling you different are trying to sell you something :)

      Maybe they are, but I'm not seeing their messages!

  • FUD... (Score:2, Insightful)

    by Anonymous Coward

    ... with how rotten companies are these days you can never tell if it's a genuine issue or some other competitor running a smear campaign.

    Either way there's no perfect AV software and as always the arms race will continue.

  • by Anonymous Coward

    "Such actions are unethical, dishonest and their legality is at least questionable."

    Remember Enron? Yeah, what they did was somewhat unethical as well. Remember the subprime crisis? Plenty of ethically shady bankers in that as well. Stop pretending you care at all, because you don't. You only have to appear like you didn't know for PR reasons.

    • by tnk1 ( 899206 )

      He may or may not know.

      What is important is that he has responsibility for the actions of his company. He will need to show without a shadow of a doubt that this was a totally rogue action that was not at all encouraged by their company directives OR their culture.

      It is possible that there was one guy or a group of folks who did this on their own completely against the policies and the implied culture of Kaspersky Labs. If so, then maybe he's not responsible.

      However, it's hard to believe that someone woul

  • by Anonymous Coward

    Kaspersky is one of the only anti-virus you can trust. And the best at detecting malware.

    I know for certain, from a McAfee employee, that they collect info in the telemetry for NSA. This is done in the consumer's version of the software, and can be disabled only for corporations.

  • Anti-virus companies could (or have an incentive to) create virus-infected software and release it into the world, and then come up with detection for them faster than their competitors.

    Don't recall if it was a joke, speculation, or a vague accusation, much less who made it. (It was years ago.)

    So this claim seems more than a little familiar.
