Two former Kaspersky employees have accused the company of faking malware to harm rival antivirus products. They would falsely classify legitimate files as malicious, tricking other antivirus companies that blindly copied Kaspersky’s data into deleting them from their customers’ computers.

In one technique, Kaspersky’s engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.

Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.

The former Kaspersky employees said Microsoft was one of the rivals that were targeted because many smaller security companies followed the Redmond, Washington-based company’s lead in detecting malicious files. They declined to give a detailed account of any specific attack.

Microsoft’s antimalware research director, Dennis Batchelder, told Reuters in April that he recalled a time in March 2013 when many customers called to complain that a printer code had been deemed dangerous by its antivirus program and placed in “quarantine.”

Batchelder said it took him roughly six hours to figure out that the printer code looked a lot like another piece of code that Microsoft had previously ruled malicious. Someone had taken a legitimate file and jammed a wad of bad code into it, he said. Because the normal printer code looked so much like the altered code, the antivirus program quarantined that as well.

Over the next few months, Batchelder’s team found hundreds, and eventually thousands, of good files that had been altered to look bad.

I could see this as (advanced) water-marking of the intellectual property (the virus definitions). When the lower tier of AV companies are feeding off your signature files, including “false negatives” lets you identify your stolen property.

EDITED TO ADD (8/19): Here’s an October 2013 presentation by Microsoft on the attacks.

EDITED TO ADD (9/11): A dissenting opinion.

Tags: antivirus, false positives, forgery, Kaspersky, malware, Microsoft, reverse engineering
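The detection failure mode described above, as an added illustration that is not code from the post, from Reuters, or from any antivirus vendor: a toy engine that copies a rival's verdict and flags anything similar to a "bad" sample will quarantine the legitimate file too, because the doctored file is the legitimate file plus a small foreign region. The hardened engine keeps an allow-list of known-good file hashes and, more importantly, builds its signature only from the bytes that do not occur in any known-good file, so the shared legitimate bytes never count as evidence. The "printer driver" bytes, the injected blob, the chunk size and the thresholds are all constructed for the example.

```python
import hashlib

CHUNK = 64  # fixed-size chunks keep the example short; real engines use content-defined boundaries

# Constructed stand-in for a legitimate, widely deployed file ("printer code").
# The body is derived from hashes so that no two chunks repeat.
CLEAN_FILE = b"PRINTER-DRIVER v1.0 " + b"".join(
    hashlib.sha256(bytes([i])).digest() for i in range(32))
# Constructed stand-in for a newer build of the same file (only the header differs).
VARIANT_FILE = b"PRINTER-DRIVER v1.1 " + CLEAN_FILE[20:]
# Constructed stand-in for "a wad of bad code" appended to the clean file.
INJECTED = b"<<constructed-bad-code-blob>>" * 3
DOCTORED_FILE = CLEAN_FILE + INJECTED


def chunk_hashes(data: bytes) -> set[str]:
    """Hash every fixed-size chunk; the set is a crude content fingerprint."""
    return {hashlib.sha256(data[i:i + CHUNK]).hexdigest()
            for i in range(0, len(data), CHUNK)}


def jaccard(a: set[str], b: set[str]) -> float:
    """Similarity of two chunk sets: shared chunks over all chunks."""
    return len(a & b) / len(a | b) if (a | b) else 0.0


def naive_verdict(file_bytes: bytes, bad_samples: list[bytes], threshold: float = 0.8) -> str:
    """Engine that blindly copies a rival's verdict: anything similar to a 'bad' sample is bad.

    Failure mode: the clean file shares nearly all of its chunks with the doctored
    sample, crosses the similarity threshold and is quarantined as well.
    """
    h = chunk_hashes(file_bytes)
    if any(jaccard(h, chunk_hashes(s)) >= threshold for s in bad_samples):
        return "quarantine"
    return "clean"


class HardenedEngine:
    """Engine that only trusts the bytes a 'bad' sample does NOT share with known-good files."""

    def __init__(self, known_good_files: list[bytes]):
        # Exact allow-list of known-good whole-file hashes.
        self.good_hashes = {hashlib.sha256(f).hexdigest() for f in known_good_files}
        # Every chunk seen in any known-good file; these chunks can never be evidence.
        self.good_chunks = set().union(*(chunk_hashes(f) for f in known_good_files))
        self.signatures: list[set[str]] = []

    def add_bad_sample(self, sample: bytes) -> bool:
        """Derive a signature from the foreign chunks only.

        A 'bad' sample that is nothing but relabelled known-good bytes yields no
        signature at all, which is exactly the poisoning attempt to reject.
        """
        foreign = chunk_hashes(sample) - self.good_chunks
        if not foreign:
            return False
        self.signatures.append(foreign)
        return True

    def verdict(self, file_bytes: bytes, min_overlap: float = 0.5) -> str:
        # 1. A known-good file is clean regardless of what it resembles.
        if hashlib.sha256(file_bytes).hexdigest() in self.good_hashes:
            return "clean"
        # 2. Otherwise, only chunks that are foreign to every known-good file may match a signature.
        foreign = chunk_hashes(file_bytes) - self.good_chunks
        for sig in self.signatures:
            if len(foreign & sig) / len(sig) >= min_overlap:
                return "quarantine"
        return "clean"


if __name__ == "__main__":
    print("naive, clean file:   ", naive_verdict(CLEAN_FILE, [DOCTORED_FILE]))
    engine = HardenedEngine([CLEAN_FILE])
    print("signature from relabelled clean file accepted:", engine.add_bad_sample(CLEAN_FILE))
    engine.add_bad_sample(DOCTORED_FILE)
    for name, data in [("clean", CLEAN_FILE), ("variant", VARIANT_FILE), ("doctored", DOCTORED_FILE)]:
        print(f"hardened, {name} file: ", engine.verdict(data))
```

The variant build is the interesting case: it is not on the exact allow-list, yet the hardened engine still clears it, because its only foreign chunk is the changed header and the signature lives entirely in the appended blob. The naive engine has no such distinction and can only be tuned between missing the doctored file and quarantining the original.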