While revealing the results of an internal investigation, Kaspersky Lab admitted it had uploaded classified NSA malware from a user\u2019s computer in 2014. But that same user had been backdoored after installing a pirated version of Microsoft Office.The NSA worker, who had stored classified NSA materials on his home computer, ran a home version of Kaspersky Antivirus and had chosen to enable Kaspersky Security Network\u00a0(KSN), which automatically uploads new and previously unknown malware. That is how Kaspersky ended up with the new sample of malware. When an analyst alerted CEO Eugene Kaspersky that the file contained classified source code for a new hacking tool, the CEO said to immediately delete it.The user is not identified as being an NSA worker, but numerous reports have described him as being part of the NSA hacking unit and that he had classified material on his home computer.According to the preliminary results of Kaspersky Lab\u2019s internal investigation, the Equation malware was first detected Sept. 11, 2014, after it was automatically submitted due to KSN being enabled on the NSA worker\u2019s computer.After the detection, the NSA worker turned off Kaspersky Lab antivirus in order to install pirated software. Logs indicated that the activation key generator for the 2013 version of Microsoft Office was infected with malware. The antivirus was disabled in order for him to run the keygen.Kaspersky Lab explained:The user was infected with this malware for an unspecified period, while the product was inactive. The malware dropped from the trojanized keygen was a full blown backdoor which may have allowed third parties access to the user\u2019s machine.The NSA worker re-enabled Kaspersky AV at some point, which resulted in the malicious keygen being detected and blocked. The NSA dude then scanned his computer multiple times, \u201cwhich resulted in detections of new and unknown variants of Equation APT malware.\u201d The last detection from his machine was on Nov. 17, 2014.One file that was detected and automatically uploaded due to KSN being enabled was a 7zip archive. The archive reportedly contained \u201cmultiple malware samples and source code for what appeared to be Equation malware.\u201dWhen an analyst told Kaspersky about what was discovered,Kaspersky reportedly said to delete it from their systems. \u201cThe archive was not shared with any third parties,\u201d he said.The internal investigation turned up no other third-party intrusion detected in Kaspersky Lab\u2019s networks other than Duqu 2.0. This fits with reports of Israel having burrowed deeply into Kaspersky\u2019s networks. The company revealed Duqu 2.0 to the public in 2015.Kaspersky goes on to report that it found no evidence of being hacked by Russian spies. Its \u201cinvestigation confirmed that Kaspersky Lab has never created any detection of non-weaponized (non-malicious) documents in its products based on keywords like \u2018top secret\u2019 and \u2018classified.'\u201dKaspersky Labs published its report on the Equation Group in February 2015. Afterwards, \u201cseveral other users with KSN enabled have appeared in the same IP range as the original detection. These seem to have been configured as \u2018honeypots,\u2019 each computer being loaded with various Equation-related samples. No unusual (non-executable) samples have been detected and submitted from these \u2018honeypots\u2019 and detections have not been processed in any special way.\u201dTo hear Kaspersky tell it, it does sound plausible that Russian hackers may have obtained the NSA malware from the pirated software\u2019s backdoor.Kaspersky has vehemently denied any inappropriate links to the Russian government. On Monday, the company launched a transparency initiative to win back trust after the U.S. government\u2019s spying claims.