Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes' accuses IOBits of stealing their programs malware definitions


  • Please log in to reply
31 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:17 PM

Posted 02 November 2009 - 11:17 PM

The Malwarebytes', or MBAM, team announced today that IOBit, a software developer located in China, has been purposely stealing their malware definitions and incorporating it into their Security 360 product. As IOBit has been marketing their new security product strongly lately, this accusation could make their Security 360 product short lived.

It started with the MBAM team discovering a forum thread at the IOBit forum with a user questioning the scan results from their new Security 360 product. The scan result is:

Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501

The definition classification of Don't.Steal.Our.Software.A. is the exact same one that Malwarebytes' uses in their virus definitions for various MBAM serial code generators. The MBAM staff found it strange that IOBit would detect MBAM keygens and at the same time use the classification that they themselves made up. This led them to become suspicious and to dig deeper into the IOBit virus definitions. What they discovered was that this was not a unique incident and that there were other definitions that were copied directly from their database as well.

To finally confirm that they were indeed stealing their definitions, MBAM created a definition for a fake and nonexistent Rogue program called Rogue.AVCleanSweepPro and created fake and harmless test files to go along with this test. This is not a real infection and was made up by the Malwarebytes' development team in order to catch IOBit in the act. Therefore, the only place this definition should exist is in the Malwarebytes program definitions. Within two weeks, though, IOBit was flagging this same infection under almost the exact same names. So let's recap. A company makes up a program and two weeks later it appears in another company's program? Seems pretty obvious that they are stealing their definitions.

Malwarebytes` has also stated that they have discovered that IOBit may have stolen definitions from other competitors databases as well. At this time we do not who these other competitors are and what was stolen. This is not the first time that malware definitions have been stolen from competitors, but no matter how you look at it, this is a criminal act as the virus definitions are the intellectual property of the creators.

After the announcement, there has been a strong community outcry on the purported behavior of IOBit as seen by the Malwarebytes's announcement topic listed below. As IOBit is located in China, there has not been much of a response back from them as of yet. The only thing we have seen are threads being deleted from the IOBit forums when the subject is broached, and just recently, and new thread created by a IOBit staff member that is supposed to be used to post questions about the accusations by Malwarebytes'.

We will continue to cover this and provide any updates as we get them.





BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:17 PM

Posted 03 November 2009 - 04:59 AM

More:
Google's cached version of the thread in question isn't working at the moment, here's Bings(screencap in case the cache dies)

IObit's response (dubious IMHO):
Forum post and Official Blog

Edited by Amazing Andrew, 03 November 2009 - 05:00 AM.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:17 AM

Posted 03 November 2009 - 05:14 AM

Grinler, what would be a proper way at this moment to deal with IOBit software in logs?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:17 PM

Posted 03 November 2009 - 07:45 AM

At this point nothing. It is not our choice to demand a user stop using a software until this is all ironed out.

#5 Swandog46

Swandog46

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 03 November 2009 - 10:51 AM

Amazing Andrew, thank you very much for the screenshot of IOBit forums. If the Bing cached version goes down too, may we use your screenshot (we can either link it, or, if you think the traffic is too much, re-host it ourselves) in a future blog post?

#6 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:17 PM

Posted 03 November 2009 - 01:23 PM

Amazing Andrew, thank you very much for the screenshot of IOBit forums. If the Bing cached version goes down too, may we use your screenshot (we can either link it, or, if you think the traffic is too much, re-host it ourselves) in a future blog post?

Please do. If you host it yourself, a little linky to my site would be appreciated!

#7 Swandog46

Swandog46

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 03 November 2009 - 01:46 PM

If your site can handle the traffic, we will just link it. Thank you very much!

#8 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:17 PM

Posted 03 November 2009 - 01:49 PM

Have you seen the latest update to their response? They're posting LIVE MALWARE samples.

#9 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:17 PM

Posted 03 November 2009 - 02:21 PM

They're posting LIVE MALWARE samples.


That is sadly hilarious.

Wonder how many of the HJT crew are now going to get stuck cleaning up what ever mess their d\l will create?

#10 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:04:17 PM

Posted 03 November 2009 - 04:15 PM

If it's any use to anyone, here's a copy of the IOBit Offline Database from 8/31/09 from TechSpot (I have a local copy in case the link dies and needs to be mirrored.)

#11 GT500

GT500

    Authorized Emsisoft Representative


  • Security Colleague
  • 136 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fortville, Indiana, USA
  • Local time:07:17 PM

Posted 03 November 2009 - 05:50 PM

If it's any use to anyone, here's a copy of the IOBit Offline Database from 8/31/09 from TechSpot (I have a local copy in case the link dies and needs to be mirrored.)


Nice find. :thumbsup:

Edited by GT500, 03 November 2009 - 06:22 PM.

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:17 PM

Posted 03 November 2009 - 10:37 PM

Marcin made a new reply today...

IOBitís Denial of Theft Unconvincing
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:07:17 PM

Posted 06 November 2009 - 12:01 PM

I don't think I can continue using IObits 360 in good conscience any more. Not in light of this thread. Thank you for bringing this to my attention.

Edited by Bezukhov, 06 November 2009 - 12:02 PM.

To err is Human. To blame it on someone else is even more Human.

#14 case.bolt

case.bolt

  • Members
  • 190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 PM

Posted 16 November 2009 - 12:35 PM

sad really. mbam is such as great program, and the developers deserve many thanks and kudos for all their hard work. sad that a company feels so inadequate that they have to copy someone else's hard work.

#15 Maximus the Mad

Maximus the Mad

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:06:17 PM

Posted 18 November 2009 - 02:14 AM

I know some folks who work for MalwareBytes and I can't believe what I am reading! I hope all hosting sites take down the IObit theftware(there's a new category).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users