Incident Overview

Discovery Date:

... involving the source code for Kaspersky Anti-Virus products.

While it did not compromise the safety of modern PC users, the leak exposed the internal architecture of a premier commercial antimalware engine. This article breaks down the history of the file, the architecture of the leaked code, and the lasting impact it had on the cybersecurity landscape.

The History Behind the Leak

The string KASPERSKY.AV.2008.SRCS.ELCRABE.RAR is the exact filename of a notorious compressed archive that began circulating across the internet on January 28, 2011. Weighing in at roughly 186 megabytes, this specific file contained a massive, unauthorized dump of the proprietary source code for Kaspersky Anti-Virus and Kaspersky Internet Security 2009 (internal version 8.0).

The components of the filename break down as follows:

2008: Refers to the product line and the timeline during which the code was actively developed (primarily throughout 2007 and early 2008).

SRCS: Short for "sources," indicating that the archive contains human-readable source code rather than compiled binaries.

ELCRABE: The handle or alias of the threat actor or group responsible for acquiring or distributing the archive.

Russian authorities arrested the employee. The developer received a multi-year suspended prison sentence for intellectual property theft.

What Was Inside the Archive?

The file included complete, uncompiled source libraries for various auxiliary modules. This included the anti-phishing subsystem, anti-dialer tools, parental control frameworks, and localized spam filters.

Despite the company's assurances, many analysts were concerned about the potential dangers, the most significant of which were: