Responding to allegations from anonymous ex-employees, security firm Kaspersky Lab has denied planting misleading information in its public virus reports as a way to foil competitors.
“Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” reads an email statement from the company. “Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false.”
On Friday, the Reuters news service ran a report charging that the security company had been deliberately classifying routine system files as malware, possibly causing such files to be flagged or deleted on user machines by competing anti-virus software.
The story draws heavily from interviews with two ex-employees, quoted anonymously, who were reportedly familiar with the operation. They had charged that in at least some of the instances, Kaspersky Lab cofounder, Eugene Kaspersky, personally directed planting the file names in the company’s virus reports.
Anti-virus companies, including Kaspersky competitors AVG Technologies and Microsoft, will routinely share information about new attacks they find, such as through the Google-owned service for aggregating virus reports, VirusTotal. This practice helps get word out more quickly about emerging threats.
Kaspersky felt that other companies were just copying his work, without offering any contributions of their own, the ex-employees charged.
Within a week and a half, the files were marked as malicious by at least 14 security firms, Reuters reported.
While the 2010 operation, which the Lab characterized as an experiment, was public knowledge, the company planted similar false positives unbeknownst by others in the security industry for more than 10 years, especially between the years of 2009 and 2013, the Reuters sources charged.
Kaspersky Lab has denied deliberately planting any other misleading virus information.