It seems that the source code for one of Kaspersky's security products has been leaked online and is available for download from torrent and file hosting websites.

According to a description accompanying the release, the sources were stolen from Kaspersky Lab in 2008 with the last changes dating from December 2007.

The code is written in C++ and Delphi and corresponds to the anti-virus engine as well as other modules, including anti-phishing, anti-dialer, anti-spam and parental control.

We don't know to what version of Kaspersky's security suite the source code actually corresponds to, but 8.0 is the most likely candidate at this point.

The Russian vendor's line of products is now at version 11.0, which is publicly marketed as 2011 and PURE, for the most complete offering.

We have contacted the company to ask for clarifications regarding this incident of intellectual property theft, but we have yet to receive a response.

Rumours about a Kaspersky security breach that resulted in leak of source code have been going around since 2009. It has also been suggested that those responsible put the code up for sale.

Obviously the sources of one of the leading antivirus engines on the market today, even if two years old, would be quite valuable for both competitors and malware writers.

The code has obviously suffered significant changes, improvements and additions since then, but much of it probably remains the same.

A company looking to develop its own anti-malware product, especially in a country where intellectual property laws are not strongly enforced, could easily use it for inspiration.

Update January 29, 2011: More information about this incident is available in a new article.