BleepingComputer.com: Malwarebytes' accuses IOBits of stealing their programs malware definitions

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

Malwarebytes' accuses IOBits of stealing their programs malware definitions

#1 User is offline   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,174
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 02 November 2009 - 11:17 PM

The Malwarebytes', or MBAM, team announced today that IOBit, a software developer located in China, has been purposely stealing their malware definitions and incorporating it into their Security 360 product. As IOBit has been marketing their new security product strongly lately, this accusation could make their Security 360 product short lived.

It started with the MBAM team discovering a forum thread at the IOBit forum with a user questioning the scan results from their new Security 360 product. The scan result is:

Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501

The definition classification of Don't.Steal.Our.Software.A. is the exact same one that Malwarebytes' uses in their virus definitions for various MBAM serial code generators. The MBAM staff found it strange that IOBit would detect MBAM keygens and at the same time use the classification that they themselves made up. This led them to become suspicious and to dig deeper into the IOBit virus definitions. What they discovered was that this was not a unique incident and that there were other definitions that were copied directly from their database as well.

To finally confirm that they were indeed stealing their definitions, MBAM created a definition for a fake and nonexistent Rogue program called Rogue.AVCleanSweepPro and created fake and harmless test files to go along with this test. This is not a real infection and was made up by the Malwarebytes' development team in order to catch IOBit in the act. Therefore, the only place this definition should exist is in the Malwarebytes program definitions. Within two weeks, though, IOBit was flagging this same infection under almost the exact same names. So let's recap. A company makes up a program and two weeks later it appears in another company's program? Seems pretty obvious that they are stealing their definitions.

Malwarebytes` has also stated that they have discovered that IOBit may have stolen definitions from other competitors databases as well. At this time we do not who these other competitors are and what was stolen. This is not the first time that malware definitions have been stolen from competitors, but no matter how you look at it, this is a criminal act as the virus definitions are the intellectual property of the creators.

After the announcement, there has been a strong community outcry on the purported behavior of IOBit as seen by the Malwarebytes's announcement topic listed below. As IOBit is located in China, there has not been much of a response back from them as of yet. The only thing we have seen are threads being deleted from the IOBit forums when the subject is broached, and just recently, and new thread created by a IOBit staff member that is supposed to be used to post questions about the accusations by Malwarebytes'.

We will continue to cover this and provide any updates as we get them.

 



#2 User is offline   Andrew 

  • Bleepin' Night Watchman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 7,329
  • Joined: 05-December 05
  • Gender:Not Telling
  • Location:Right behind you

Posted 03 November 2009 - 04:59 AM

More:
Google's cached version of the thread in question isn't working at the moment, here's Bings(screencap in case the cache dies)

IObit's response (dubious IMHO):
Forum post and Official Blog

This post has been edited by Amazing Andrew: 03 November 2009 - 05:00 AM

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
Posted Image
Boredom Software Stop Highlighting Things

#3 User is offline   elise025 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 36,056
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 03 November 2009 - 05:14 AM

Grinler, what would be a proper way at this moment to deal with IOBit software in logs?
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#4 User is offline   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,174
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 03 November 2009 - 07:45 AM

At this point nothing. It is not our choice to demand a user stop using a software until this is all ironed out.

#5 User is offline   Swandog46 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 134
  • Joined: 24-April 05

Posted 03 November 2009 - 10:51 AM

Amazing Andrew, thank you very much for the screenshot of IOBit forums. If the Bing cached version goes down too, may we use your screenshot (we can either link it, or, if you think the traffic is too much, re-host it ourselves) in a future blog post?

#6 User is offline   Andrew 

  • Bleepin' Night Watchman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 7,329
  • Joined: 05-December 05
  • Gender:Not Telling
  • Location:Right behind you

Posted 03 November 2009 - 01:23 PM

View PostSwandog46, on Nov 3 2009, 07:51 AM, said:

Amazing Andrew, thank you very much for the screenshot of IOBit forums. If the Bing cached version goes down too, may we use your screenshot (we can either link it, or, if you think the traffic is too much, re-host it ourselves) in a future blog post?

Please do. If you host it yourself, a little linky to my site would be appreciated!
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
Posted Image
Boredom Software Stop Highlighting Things

#7 User is offline   Swandog46 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 134
  • Joined: 24-April 05

Posted 03 November 2009 - 01:46 PM

If your site can handle the traffic, we will just link it. Thank you very much!

#8 User is offline   Andrew 

  • Bleepin' Night Watchman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 7,329
  • Joined: 05-December 05
  • Gender:Not Telling
  • Location:Right behind you

Posted 03 November 2009 - 01:49 PM

Have you seen the latest update to their response? They're posting LIVE MALWARE samples.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
Posted Image
Boredom Software Stop Highlighting Things

#9 User is offline   ThunderZ 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Deactivated
  • Posts: 4,454
  • Joined: 18-July 09
  • Gender:Male

Posted 03 November 2009 - 02:21 PM

View PostAmazing Andrew, on Nov 3 2009, 01:49 PM, said:

They're posting LIVE MALWARE samples.


That is sadly hilarious.

Wonder how many of the HJT crew are now going to get stuck cleaning up what ever mess their d\l will create?

#10 User is offline   Andrew 

  • Bleepin' Night Watchman
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 7,329
  • Joined: 05-December 05
  • Gender:Not Telling
  • Location:Right behind you

Posted 03 November 2009 - 04:15 PM

If it's any use to anyone, here's a copy of the IOBit Offline Database from 8/31/09 from TechSpot (I have a local copy in case the link dies and needs to be mirrored.)
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
Posted Image
Boredom Software Stop Highlighting Things

#11 User is offline   GT500 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 4
  • Joined: 12-September 09
  • Location:Fortville, Indiana, USA

Posted 03 November 2009 - 05:50 PM

Amazing Andrew said:

If it's any use to anyone, here's a copy of the IOBit Offline Database from 8/31/09 from TechSpot (I have a local copy in case the link dies and needs to be mirrored.)


Nice find. :thumbsup:

This post has been edited by GT500: 03 November 2009 - 06:22 PM

Quote

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...

#12 User is offline   boopme 

  • To Insanity and Beyond
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 46,271
  • Joined: 10-September 04
  • Gender:Male
  • Location:NJ USA

Posted 03 November 2009 - 10:37 PM

Marcin made a new reply today...

IOBit’s Denial of Theft Unconvincing
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#13 User is offline   Bezukhov 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 296
  • Joined: 22-July 09
  • Gender:Male
  • Location:Providence

Posted 06 November 2009 - 12:01 PM

I don't think I can continue using IObits 360 in good conscience any more. Not in light of this thread. Thank you for bringing this to my attention.

This post has been edited by Bezukhov: 06 November 2009 - 12:02 PM

To err is Human; To blame it on someone else is even more Human.

#14 User is offline   case.bolt 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 190
  • Joined: 25-August 08
  • Gender:Male

Posted 16 November 2009 - 12:35 PM

sad really. mbam is such as great program, and the developers deserve many thanks and kudos for all their hard work. sad that a company feels so inadequate that they have to copy someone else's hard work.

#15 User is offline   Maximus the Mad 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 18-November 09
  • Gender:Male
  • Location:Ohio

  Posted 18 November 2009 - 02:14 AM

I know some folks who work for MalwareBytes and I can't believe what I am reading! I hope all hosting sites take down the IObit theftware(there's a new category).

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users