Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Source Code In the Wild

Posted by Soulskill on from the somebody-get-attenborough-to-find-it dept.

mvar writes "The source code of an older version of 'Kaspersky Internet Security' has been circulated on the internet. The code was created in late 2007 and was probably stolen in early 2008. Names contained in the source indicate that the stolen code was probably a beta version of the 2008 software package – the current release is Kaspersky Internet Security 2011. According to a Russian language report by CNews (Google translation), the code was copied by a disgruntled ex-employee. The thief has reportedly been trying to sell the code on the black market for some time, and Kaspersky says that the code archive already appeared in various private forums last November."

3 of 154 comments (clear)

  1. Re:And, in other news... by hairyfeet · · Score: 4, Informative

    Actually MSFT releasing the Win9X source would be WONDERFUL news, because if you haven't tried it Win9X can make a great embedded OS with better driver support and lower specs than pretty much any embedded OS out there.

    And as for why anyone would care about TFA, that's simple: Often you don't "throw the baby out with the bathwater" and significant portions of the code will be reused. This means the black hats pretty much have a roadmap to use to trash Kaspersky AV. Even if they didn't use much of the previous code it most likely will allow them to see how the Kaspersky AV team treats PC resources like memory, giving them a good idea of where the weak spots are. Bad news for Kaspersky users I'd say.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  2. Re:I just stopped using anti-virus by Opportunist · · Score: 3, Informative

    It's a very good start. Brain 1.0 is still the best virus scanner out there.

    Still, there are threats that can't be defeated that way. Scenario: Exploit in a major flash application that affects all possible plugins (since they are essentially the same with different interfaces to the browser), an iframe hidden in a webpage on a, say, hotel homepage you happen to visit because you are planning your vacation, infection complete. If you happen to dislike plugins, browsers themselves can have their loopholes (IIRC the MHTML hole already made it to /. today), not to mention that browsers do also rely on APIs in the end, which are the same, no matter what browser you use.

    I'm not saying get a AV tool. All I say is that there are still vectors you cannot defeat just by being careful. A system's security is the minimum of the user's and the system's ability. Not the average.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Re:Stolen?? by Anonymous Coward · · Score: 2, Informative

    Here's another one: Identity theft. Language evolves. Deal with it.

    Heck no... framing bank fraud as "identity theft" puts the onus on the victim instead of where it properly belongs.