Kaspersky lab inside: how they are analyzing the viruses

Discussion in 'other anti-virus software' started by format_c, Aug 15, 2009.

Thread Status:
Not open for further replies.
  1. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    Yesterday Roman Vasilenko from KL did a post on Gostev's personal blog. The article, written in Russian, is a stupid PR one and has no interesting points except one: the screenshot. The original screenshot was that. It is a screenshot from a Dr.Web internal sandbox used for virus analysis inside the Dr.Web virus laboratory and stolen by KL staff. Good work of KL!
     

  2. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    How could it be stolen by KL staff? If it is Dr.Web's, why is there no official news about this? Will there be any legal action?
     
  3. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    R. Vasilenko is a former Dr.Web virus analyst now working for E. Kaspersky.
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    That does not imply Vasilenko has stolen anything. Please refrain from innuendo like this or provide solid proof.
     
  5. Ade 1

    Ade 1 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    471
    Location:
    In The Bath
    As far as I am concerned, who cares how KL analyze their viruses?!
     
  6. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    It's about stealing technology, not how they analyze things.
     
  7. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    What is this?:- "throw a bit of mud and hope something sticks". If these accusations were made anywhere else than on the web (or in parliament!) you'd probably find yourselves open to litigation.
     
  8. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    One thing is sure, the OP hates Kaspersky :D
     
  9. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    So does this internal sandbox come with a EULA for internal use only? I really do not think people at KL do not have an analyzing tool of their own. Maybe they will purchase a license if needed, but using a tool from a competitor without permission is a serious accusation.
     
  10. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Looks like all the other analysis tools you will find in AV labs usually. Where is the excitement?
     
  11. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    How do you know he didn't make the software, and now Dr. can't use it? :rolleyes:
     
  12. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Looks like a pretty ok tool to me.
     
  13. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Kaspersky´s viruses? o_O :eek: and OMG
    I hope they do not publish it in the wild ....
     
  14. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    I really fail to see the point of this thread. Confusion, misunderstandings, FUD, mud throwing, more confusion and some extra confusion with sugar on top....

    Does this lead anywhere, or can a mod release this thread from its suffering?
     
  15. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    The poster meant viruses received/obtained by the Kaspersky virus analysis labs from various sources.........

    Well, as for the thread, quite a few smoke and daggers here, but even if what has been claimed did really happen, I really doubt it is the first time. :ninja:

    What is for sure is that the original poster does seem strongly affiliated with Dr.Web.......
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    While it is possible that I'm going insane, those of you who have visited the first link would be able to verify my sanity: if you visit it now, is the background different o_O Either the secureblog.info posting no longer has the background which was similar to the "Angar" post earlier or I need to sleep more :D

    Anyway, from a technical perspective: the text within the programs was identical in formatting (the screen captures are of programs monitoring specific API calls) which is suspicious to say the least but the blue-on-dark-blue is a standard color scheme for a few different DOS text editors/viewers.

    While it is possible that the researcher continued using the tool from the previous company, I'm not sure why as from the output shown, it just looks like a simple API tracer - something that both Dr. Web and Kaspersky have developed independently within their respective products.

    EDIT: Thank you, Google Cache, for assuring me of my sanity (at least this time :)):

    http://74.125.95.132/search?q=cache....Win32.Injecter.diw"&cd=1&hl=en&ct=clnk&gl=us

    I suspect there may be some foul play here and the author caught it and edited the pictures :doubt:
     
  17. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    really? ;)
    If they are stealing, why are they not producing their own viruses .... :rolleyes:
    What next, Kaspersky terrorist organization?
    Bad Kaspersky
     
    Last edited: Aug 17, 2009
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    One person does not reflect the whole company's ideals.
     
  19. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    (I think I speak for many people when I ask this) - What on earth are you talking about?
     
  20. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Regarding Kaspersky, I am more concerned because even after ten days they have not added a signature for the virus sample that I sent them (DR/Agent.ofc alias Trojan.Dropper.TDU).
     
  21. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
    haven't they use our "Angar" sandbox since now? :argh: so, they can't work anymore :ouch:
     
  22. format_c

    format_c Registered Member

    Joined:
    May 6, 2008
    Posts:
    116
  23. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
    So, who are you or what are your relations with drweb?
    Where is official drweb statement for this incident?
     
  24. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    I think I see a fox in the bushes.
     
  25. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    It was brought up in the comments; the Kaspersky guy said it was done at home and not at work, so he wasn't "working" on behalf of Kaspersky when using the tool.

    Followed by squabbles on copyrights, destroying media after employment ends and who really owns the tool because it was coded by two guys in their own time.

    Amusing stuff.

    P.S. Can I have a copy also? It looks pretty cool. :D
     