Kaspersky Lab is again challenging allegations that it stole classified files from an NSA employee’s computer, pointing to new analysis that says the computer in question may have been infested with malware.
The computer had 121 pieces of malware on the system, including backdoors, exploits, and Trojans, according to Kaspersky. “It is possible that the user could have leaked information to many hands,” the security firm said.
The data comes as Kaspersky Lab battles accusations that its security software helped the Russian government to commit cyber espionage. Russian government hackers reportedly detected the classified files on the NSA employee’s computer by using Kaspersky antivirus software, which was installed on the system.
Moscow-based Kaspersky has been poring over internal logs, which it says detected alerts for 121 malicious files on the computer, which may have come from pirated software. Among them was a file called Backdoor.Win32.Mokes.hvl, which was sold on Russian underground forums and infected the NSA employee’s computer in October 2014.
During the time of the infection, the Mokes malware had been communicating to a command control server from a “Chinese entity” going by the name Zhou Lou, using the email address firstname.lastname@example.org, according to Kaspersky Lab.
The computer became infected after the NSA employee disabled antivirus software to install a pirated version Microsoft Office 2013, the security firm claims. “The malware consisted of a full-blown backdoor which could have allowed other third-parties to access the user’s machine,” the company said.
Additional software piracy tools were detected on the computer as well, which may explain why it had so many malicious files on the system. But it’s unclear if the 120 other pieces of malware ever executed on the computer, Kaspersky Lab said.
It’s also unclear if the new findings will lift the controversy around the security firm. The US Department of Homeland Security has ordered federal agencies to remove Kaspersky Lab software from their systems. Retailers such as Best Buy have also dropped it from store shelves.
Last month, Kaspersky Lab admitted it had inadvertently downloaded classified files from the NSA employee’s computer, but only because the company’s antivirus software had flagged them as malware. Those files reportedly contained NSA hacking tools, including the computer code. Once Kaspersky Lab realized the files had actually come from the US government, it promptly deleted them from its own database.
Kaspersky said its software is no different from competing antivirus products, which also scan system files for potential malware. But the downloading of classified files from an NSA computer, even if inadvertent, probably doesn’t sit well with the US government.