据说卡巴斯基源代码泄露？ - Project1

January 28th, 2011, 14:19 GMT| By Lucian Constantin

It seems that the source code for one of Kaspersky's security suite products has been leaked online and is available for download from torrent and file hosting websites.

According to a description accompanying the release, the sources were stolen from Kaspersky Lab in 2008 and the last changes made to them date from December 2007.

The code is written in C++ and Delphi and covers the anti-virus engine, as well as the anti-phishing, anti-dialer, anti-spam, parental control, and other modules.

We don't know yet to what version of Kaspersky's security suite the sources actually correspond to, but 8.0 is the most likely candidate at this point.

The Russian vendor's line of products is now at version 11.0, which is publicly marketed as 2011 and PURE, for the most complete offering.

We have contacted the company at several different email addresses to ask for clarifications regarding this major intellectual property theft incident, but we have yet to receive a response.

Rumours about a security breach at Kaspersky resulting in source code being leaked have been going around since 2009. It has also been suggested that the hackers responsible originally put the code up for sale.

Obviously the sources for one of the leading antivirus engines on the market today, even if two years old, would be quite valuable for both competitors and malware writers.

Its likely that the code has seen significant changes, improvements and additions since then, but much of it is probably the same.

A company looking to develop its own anti-malware product in a country where intellectual property laws are not very strongly enforced or lacking, could easily use it as inspiration.

We will update this article with new information when/if it becomes available.

============

January 29th, 2011, 09:56 GMT| By Lucian Constantin

The Kaspersky source code that recently made its way onto public websites was leaked by a former employee of the antivirus vendor, who is already serving a prison sentence for intellectual property theft.

Yesterday, we reported about the complete source code of an older Kaspersky product being available on publicly accessible torrent and file hosting sites.

The code was last modified in December 2007 and judging by the directory tree it probably corresponds to a beta version of Kaspersky Internet Security 8.0.

Russian technology publication CNews quotes [Google translation] a Kaspersky Lab spokesperson, according to whom a former employee with legitimate access to the source code stole it in early 2008.

It's not clear if he did it out of revenge or entirely for profit, but he ended up offering it for sale on the black market.

The former worker was subsequently arrested and sentenced to three years in jail, to be followed by another three of supervised release.

Kaspersky stressed the security of its current products was not at risk because they only contained small parts of the leaked code which didn't concern protection functions.

It is likely that having knowledge of the leak for almost two years, the company rewrote the most critical parts of the code and made significant changes to its technology.

In addition, the vendor was aware the leaked sources were being distributed on private forums since November 2010, so it probably anticipated a full-blown public exposure.

People should be aware that even if publicly available, the source code remains the intellectual property of Kaspersky Lab and downloading, distributing or using it without consent is illegal.

The company has yet to respond to our inquiries or issue a public statement in English. We will keep you up to date with new information when it becomes available.