 Malwarebytes' accuses IOBits of stealing their programs malware definitions |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
 Nov 2 2009, 11:17 PM
Post
#1
|
|
 Bleep Bleep!  Group: Admin Posts: 31,597 Joined: 24-January 04 From: USA Member No.: 3  |
 The Malwarebytes', or MBAM, team announced today that IOBit, a software developer located in China, has been purposely stealing their malware definitions and incorporating it into their Security 360 product. As IOBit has been marketing their new security product strongly lately, this accusation could make their Security 360 product short lived.It started with the MBAM team discovering a forum thread at the IOBit forum with a user questioning the scan results from their new Security 360 product. The scan result is: Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501The definition classification of Don't.Steal.Our.Software.A. is the exact same one that Malwarebytes' uses in their virus definitions for various MBAM serial code generators. The MBAM staff found it strange that IOBit would detect MBAM keygens and at the same time use the classification that they themselves made up. This led them to become suspicious and to dig deeper into the IOBit virus definitions. What they discovered was that this was not a unique incident and that there were other definitions that were copied directly from their database as well. To finally confirm that they were indeed stealing their definitions, MBAM created a definition for a fake and nonexistent Rogue program called Rogue.AVCleanSweepPro and created fake and harmless test files to go along with this test. This is not a real infection and was made up by the Malwarebytes' development team in order to catch IOBit in the act. Therefore, the only place this definition should exist is in the Malwarebytes program definitions. Within two weeks, though, IOBit was flagging this same infection under almost the exact same names. So let's recap. A company makes up a program and two weeks later it appears in another company's program? Seems pretty obvious that they are stealing their definitions. Malwarebytes` has also stated that they have discovered that IOBit may have stolen definitions from other competitors databases as well. At this time we do not who these other competitors are and what was stolen. This is not the first time that malware definitions have been stolen from competitors, but no matter how you look at it, this is a criminal act as the virus definitions are the intellectual property of the creators. After the announcement, there has been a strong community outcry on the purported behavior of IOBit as seen by the Malwarebytes's announcement topic listed below. As IOBit is located in China, there has not been much of a response back from them as of yet. The only thing we have seen are threads being deleted from the IOBit forums when the subject is broached, and just recently, and new thread created by a IOBit staff member that is supposed to be used to post questions about the accusations by Malwarebytes'. We will continue to cover this and provide any updates as we get them. -------------------- |
 |
 
|
Link: |
Nov 3 2009, 04:59 AM
Post
#2
|
|
 Bleepin' Night Watchman Group: Moderator Posts: 4,244 Joined: 5-December 05 From: The City of Saint Francis, by the western sea Member No.: 43,307 |
More:
Google's cached version of the thread in question isn't working at the moment, here's Bings(screencap in case the cache dies) IObit's response (dubious IMHO): Forum post and Official Blog This post has been edited by Amazing Andrew: Nov 3 2009, 05:00 AM -------------------- |
|
|
|
|
Nov 3 2009, 05:14 AM
Post
#3
|
|
 Bleepin' Blond Group: HJT Team Posts: 3,279 Joined: 5-October 07 From: @Home Member No.: 160,991 |
Grinler, what would be a proper way at this moment to deal with IOBit software in logs?
-------------------- Regards,
Elise  |
|
|
|
|
Nov 3 2009, 07:45 AM
Post
#4
|
|
|
Bleep Bleep! Group: Admin Posts: 31,597 Joined: 24-January 04 From: USA Member No.: 3 |
At this point nothing. It is not our choice to demand a user stop using a software until this is all ironed out.
-------------------- |
|
|
|
|
Nov 3 2009, 10:51 AM
Post
#5
|
|
|
Member Group: HJT Team Posts: 134 Joined: 24-April 05 Member No.: 18,017 |
Amazing Andrew, thank you very much for the screenshot of IOBit forums. If the Bing cached version goes down too, may we use your screenshot (we can either link it, or, if you think the traffic is too much, re-host it ourselves) in a future blog post?
|
|
|
|
|
Nov 3 2009, 01:23 PM
Post
#6
|
|
|
Bleepin' Night Watchman Group: Moderator Posts: 4,244 Joined: 5-December 05 From: The City of Saint Francis, by the western sea Member No.: 43,307 |
QUOTE(Swandog46 @ Nov 3 2009, 07:51 AM)  Amazing Andrew, thank you very much for the screenshot of IOBit forums. If the Bing cached version goes down too, may we use your screenshot (we can either link it, or, if you think the traffic is too much, re-host it ourselves) in a future blog post? Please do. If you host it yourself, a little linky to my site would be appreciated! -------------------- |
|
|
|
|
Nov 3 2009, 01:46 PM
Post
#7
|
|
|
Member Group: HJT Team Posts: 134 Joined: 24-April 05 Member No.: 18,017 |
If your site can handle the traffic, we will just link it. Thank you very much!
|
|
|
|
|
Nov 3 2009, 01:49 PM
Post
#8
|
|
|
Bleepin' Night Watchman Group: Moderator Posts: 4,244 Joined: 5-December 05 From: The City of Saint Francis, by the western sea Member No.: 43,307 |
Have you seen the latest update to their response? They're posting LIVE MALWARE samples.
-------------------- |
|
|
|
|
Nov 3 2009, 02:21 PM
Post
#9
|
|
 Forum Addict Group: BC Advisor Posts: 1,095 Joined: 18-July 09 From: 127.0.0.X Member No.: 354,458 |
QUOTE(Amazing Andrew @ Nov 3 2009, 01:49 PM) They're posting LIVE MALWARE samples. That is sadly hilarious. Wonder how many of the HJT crew are now going to get stuck cleaning up what ever mess their d\l will create? -------------------- Practicing safe hex.
If any of the assistance given to you by any Member replying to your post solves your problem please take a moment to reply. This helps us all in the learning process. |
|
|
|
|
Nov 3 2009, 04:15 PM
Post
#10
|
|
|
Bleepin' Night Watchman Group: Moderator Posts: 4,244 Joined: 5-December 05 From: The City of Saint Francis, by the western sea Member No.: 43,307 |
If it's any use to anyone, here's a copy of the IOBit Offline Database from 8/31/09 from TechSpot (I have a local copy in case the link dies and needs to be mirrored.)
-------------------- |
|
|
|
|
Nov 3 2009, 05:50 PM
Post
#11
|
|
 New Member Group: Members Posts: 4 Joined: 12-September 09 From: Fortville, Indiana, USA Member No.: 377,072 |
QUOTE(Amazing Andrew) If it's any use to anyone, here's a copy of the IOBit Offline Database from 8/31/09 from TechSpot (I have a local copy in case the link dies and needs to be mirrored.) Nice find. 
This post has been edited by GT500: Nov 3 2009, 06:22 PM -------------------- QUOTE For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world... |
|
|
|
|
Nov 3 2009, 10:37 PM
Post
#12
|
|
 To INSANITY and BEYOND !! Group: Moderator Posts: 21,844 Joined: 10-September 04 From: NJ USA Member No.: 2,608 |
Marcin made a new reply today...
IOBit’s Denial of Theft Unconvincing -------------------- Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info..
ThoughtVent a goodplace to discuss.<<>>>Staying Updated Calendar of Updates. For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook |
|
|
|
|
Nov 6 2009, 12:01 PM
Post
#13
|
|
 Member Group: Members Posts: 53 Joined: 22-July 09 From: Providence Member No.: 355,664 |
I don't think I can continue using IObits 360 in good conscience any more. Not in light of this thread. Thank you for bringing this to my attention.
This post has been edited by Bezukhov: Nov 6 2009, 12:02 PM -------------------- To err is Human; To blame it on someone else is even more Human.
|
|
|
|
|
Nov 16 2009, 12:35 PM
Post
#14
|
|
 Forum Regular Group: HJT Junior Classmen Posts: 155 Joined: 25-August 08 Member No.: 233,250 |
sad really. mbam is such as great program, and the developers deserve many thanks and kudos for all their hard work. sad that a company feels so inadequate that they have to copy someone else's hard work.
|
|
|
|
 Nov 18 2009, 02:14 AM
Post
#15
|
|
|
New Member Group: Members Posts: 2 Joined: 18-November 09 From: Ohio Member No.: 404,604 |
I know some folks who work for MalwareBytes and I can't believe what I am reading! I hope all hosting sites take down the IObit theftware(there's a new category).
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 20th November 2009 - 04:49 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.