Kaspersky Fakes Malware to Harm Competitors – The Dark Side of the Security Industry

It’s sad to realize that something we trust has a dark side.

Unfortunately, that’s the case with the security industry. It’s full of companies developing software that is supposed to keep our personal information safe, and by buying that software we put our faith in the company that built it. Still, competition being what it is, perhaps it shouldn’t surprise us that these companies aren’t just trying to beat cybercriminals; they’re also trying to beat each other. We just didn’t think they’d do so at our expense.

Kaspersky Created Fake Malware

A few days ago, Business Insider reported that Russian antivirus maker Kaspersky, whose products are widely regarded as among the best in their class, created fake malware and seeded it across the security industry in order to harm rival companies. Not cool, especially since this move directly affected everyday computer users.

According to the publication, Kaspersky’s goal was to trick rival antivirus engines, specifically those from Microsoft, AVG, Avast and others, into flagging legitimate, important files on users’ operating systems as malicious. Once a rival’s product quarantined or deleted the supposed “threat,” the user’s computer was damaged, because the file it removed was one the system actually needed. From the user’s point of view, a false positive on a system file is indistinguishable from a successful attack: the antivirus product itself becomes the thing that breaks the machine. Needless to say, this resulted in a lot of angry customers.

Putting aside other aspects of this story, the Business Insider article sheds light on a shadier side of the security industry, one many would be surprised to learn exists. What becomes obvious is that security companies are capable of doing damage rather than good in order to gain market share from their competitors.

Credentials Recovery – The Full Story

If you look closely enough, you’ll find various areas where security companies try to surpass one another, and not always in the nicest ways. One of these areas is credentials recovery.

Malware, and financial malware in particular, steals credentials from users of infected machines and sends them to a server the criminals control. Credentials recovery is the practice of retrieving those stolen credentials (including the usernames and passwords of a security company’s clients) from the criminals’ infrastructure. A company that does this can then provide a data feed of stolen credentials to online service providers, banks and others, so that the affected accounts can be locked down before the criminals use them.

How do security companies recover stolen credentials? Since the malware’s database isn’t open to anyone who happens to find the server, in many cases the answer is simple: they hack into it. Companies performing credentials recovery employ fully fledged hackers who look for vulnerabilities in the malware’s command-and-control servers, develop exploits for them, and break into the database. This activity alone can easily be considered shady.

While some might view these operations as the good guys playing vigilante for the greater good, cynics may see corporations hacking for profit. After all, the recovered credentials aren’t handed to victims for free. The legality of these actions can also be questioned, and in practice depends on where the company is located. But since the chances of being sued by a cybercriminal whose servers were hacked are practically nonexistent, credentials recovery is considered low-risk despite sitting in a legal gray area.

Zeus Malware and Getting Ahead of the Game

Security companies don’t stop at hacking into criminals’ servers. Because several companies perform credentials recovery, and each knows its competitors do too, the industry has adopted tactics that look as if they were taken from Kaspersky’s playbook (if Business Insider’s claims are accurate).

For example, to learn which vulnerabilities in malware servers their competitors have already discovered, security companies set up fake malware incidents and wait for their rivals to try to hack in. Consider this scenario. A company wants to obtain new exploits against Zeus control-panel servers. It takes the Zeus code that has leaked and is publicly available, stands up a server that looks like a live Zeus installation, and reports it as an incident to ZeuS Tracker (the abuse.ch site that listed Zeus command-and-control servers) or another feed that companies use to learn about new malware cases. Competitors pick the entry up from the feed, reach the fake server, and run their exploits against it to get at the “database,” while the company that set the trap records every request. These incidents are honeypots; instead of luring cybercriminals, they lure competing security companies. The company that set the trap walks away with new vulnerabilities and exploits it can use on real incidents, expanding the number of malware servers it can recover credentials from.
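As an added example, not code from the original post or from LogDog, here is how the operator of such a decoy might triage what it records. It assumes the decoy’s web server writes a standard combined-format access log and that the decoy is laid out like a Zeus kit (bots check in by POSTing to gate.php, operators browse cp.php); the sample log lines are constructed, and the signatures are generic probe patterns rather than descriptions of any real weakness in any panel.

```python
"""Triage of requests recorded by a decoy malware control panel.

Added example, not code from the original post or from LogDog. It reads the
web server's access log for a decoy Zeus-style panel and tags every request
with the probe technique it resembles, giving the operator a per-source record
of what each visitor tried. Assumptions: Apache/Nginx "combined" log format and
a decoy laid out like a Zeus kit (bots POST to gate.php, operators browse
cp.php). The signatures are generic probe patterns and do not describe any real
weakness in any panel. The log lines below are constructed for illustration.
"""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?$'
)

# Generic signatures matched against the URL-decoded request target.
SIGNATURES = {
    "sqli": re.compile(
        r"(?i)(\bunion\b.{0,40}\bselect\b|'\s*(or|and)\s+[\w']+\s*=|;\s*--|sleep\(\d+\))"
    ),
    "path-traversal": re.compile(r"(\.\./|\.\.\\)"),
    "file-inclusion": re.compile(r"(?i)(php://|data:|=https?://)"),
}


def parse_line(line):
    """Parse one combined-format access-log line; return None if it doesn't fit."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(method, target):
    """Return the sorted list of technique tags a single request matches."""
    path = unquote_plus(target.partition("?")[0])
    decoded = unquote_plus(target)
    tags = {name for name, rx in SIGNATURES.items() if rx.search(decoded)}
    # Browsing to panel files is enumeration; a bot check-in is a POST to gate.php
    # (assumed decoy layout, mirroring the leaked Zeus kit).
    if method == "GET" and re.search(r"/(cp|config|install)\.(php|bin)$", path, re.I):
        tags.add("panel-enum")
    if method == "POST" and re.search(r"/gate\.php$", path, re.I):
        tags.add("bot-checkin")
    return sorted(tags)


def triage(lines):
    """Map each source IP to its request count and the techniques it attempted."""
    seen = defaultdict(lambda: {"requests": 0, "techniques": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not access-log records
        entry = seen[rec["ip"]]
        entry["requests"] += 1
        entry["techniques"].update(classify(rec["method"], rec["target"]))
    return {
        ip: {"requests": e["requests"], "techniques": sorted(e["techniques"])}
        for ip, e in seen.items()
    }


# Constructed sample: a probing visitor, a bot-style check-in, and a scripted probe.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Aug/2015:10:01:02 +0000] "GET /cp/cp.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2015:10:01:05 +0000] "GET /cp/cp.php?m=login&user=admin'%20OR%20'1'='1 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2015:10:01:09 +0000] "GET /cp/reports.php?file=../../../../etc/passwd HTTP/1.1" 404 221 "-" "Mozilla/5.0"
203.0.113.44 - - [12/Aug/2015:10:02:11 +0000] "POST /cp/gate.php HTTP/1.1" 200 64 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.44 - - [12/Aug/2015:10:03:11 +0000] "POST /cp/gate.php HTTP/1.1" 200 64 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.9 - - [12/Aug/2015:10:05:40 +0000] "GET /favicon.ico HTTP/1.1" 404 221 "-" "curl/7.43.0"
192.0.2.9 - - [12/Aug/2015:10:05:41 +0000] "GET /cp/cp.php?m=config&page=php://input HTTP/1.1" 200 1532 "-" "curl/7.43.0"
"""

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE_LOG.splitlines()).items():
        techniques = ", ".join(entry["techniques"]) or "-"
        print(f"{ip:<14} {entry['requests']:>2} requests  {techniques}")
```

Run as a script, it prints one line per source with the techniques seen. The value to the trap-setter is that per-source record: which paths a rival tried, in what order, and with which payload shapes. The record cuts both ways, though: a fake panel that never receives genuine bot check-ins looks hollow to a careful visitor, so a convincing decoy needs plausible traffic and not just the leaked panel code.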

Security companies are often depicted as the good guys in a war against cybercriminals. But it’s important to remember that, just as cybercriminals have rivals of their own, so do security companies. Their rivals aren’t only the cybercriminals they work to stop, but also the other companies vying for market share. There is a dark side to the security industry. It’s one we don’t hear about often, but it’s there nonetheless.


About LogDog

The LogDog anti-hacking and privacy tool protects the most popular online account types including Gmail, Facebook, and Dropbox by detecting unusual access activity and alerting users so they can take control of their accounts before hackers do.

The service works across all devices and operating systems, so you’re always protected, and is available for both Android and iOS.