2 edits | IOBit Steals Malwarebytes Intellectual Property I saw this on twitter via @Malwarebytes.
Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software. We know this will sound hard to believe, because it was hard for us to believe at first too. But after an indepth investigation, we became convinced it was true. Here is how we know.
We came across a post on the IOBit forums that showed IOBit Security 360 flagging a specific key generator for our Malwarebytes' Anti-Malware software using the exact naming scheme we use to flag such keygens: Don't.Steal.Our.Software.A.
Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501
Why would IOBit detect a keygen for our software and refer to it using our database name? We quickly became suspicious. Either the forum post was fraudulent or IOBit was stealing our database.
So we dug further. We accumulated more similar evidence for other detections, and we soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database. They are using both our database and our database format exactly.
The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names.
We can't publicly show all the evidence we found, because it is still our intellectual property: proprietary information about our database internals. But we don't want you to have to take our word for it either, so we found a way to show you an example illustrating an indisputable pattern of theft.
Consider the file, "dummy.exe". It is a harmless dummy executable that runs, displays a "Hello World" message box, and exits. You can see from third-party scans on VirusTotal, that no other security vendor flags this executable as malicious or even suspicious.
We created this dummy executable, then manipulated it slightly so that it matches one of the signatures in our database. We emphasize that it is still not malicious! -- the signature is perfectly benign, when not in the context of actual malware, as you can see from the VirusTotal results.
We scanned the file with our own Malwarebytes' Anti-Malware software and indeed it was flagged as "Don't.Steal.Our.Software.A". We scanned it with IOBit using their current build and database version and it was flagged as the same "Don't.Steal.Our.Software.A". We have included their log file and a screenshot of the detection. You can verify by yourself using the dummy executable and their most recent database.
We have attached two other such dummy executables to this post, so you can see for yourself. One of them, "rogue.exe", matches our fake Rogue.AVCleanSweepPro (screenshot) definition, the other "fake.exe", matches an Adware.NaviPromo definition (screenshot). VirusTotal results for "fake.exe" and "rogue.exe" so you can see they are benign. You can see a screenshot of our detections here.
During the course of our investigation, we uncovered additional evidence that IOBit may have stolen the proprietary databases of other security vendors as well. We are in the process of contacting these vendors.
Malwarebytes intends to pursue legal action against IOBit. We demand IOBit immediately remove all traces of Malwarebytes' proprietary research and database from their software. We also demand IOBit be delisted from Download.com due to Terms of Service violations. This is criminal: it is theft, it is fraud, and we will not stand for it.
What can you do to help? If you feel the same way we do about this theft, we encourage you to send an email to hosting services such as Download.com and Majorgeeks.com requesting that all IOBit software be removed.
»www.malwarebytes.org/forums/inde···ic=29681 |
|
 ZZZZZZZPremium
join:2001-05-27
PARADISE
kudos:1 | This is pretty pathetic considering it's not even a good program.
--
~~Get our troops home...now!!~~ |
|
doppler
join:2003-03-31
Blue Point, NY | reply to xxTRAGEDYxx
Good luck in getting results.
China:
A land where you can get "Garden" a $4 copy of Windows XP. |
|
| reply to xxTRAGEDYxx
Someone needs to get this Slashdoted  |
|
| reply to xxTRAGEDYxx
Taking a shortcut, which turns out to be the wrong way  |
|
ZZZZZZZPremium
join:2001-05-27
PARADISE
kudos:1 | Wilders is already saying that the IObit mods have started to delete threads about this.........lol
--
~~Get our troops home...now!!~~ |
|
|
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:3
 ·Frontier Communi..
| reply to xxTRAGEDYxx
Hmm. Why is it so hard to believe? Piracy exists all over the place in one form or another, mainly because the pirates believe they can get away with it. All too often, they can! And this may prove to be no exception. 
--
If God wanted us to work with electrons, He'd make them big enough to see... |
|
| Good job Mcafee: Red flagged!
»www.siteadvisor.com/sites/iobit.com
"Rating: Phishing or other scams
IOBit has been accused of stealing the MalwareBytes database. And they appear to have ample evidence to prove it.
»www.malwarebytes.org/forums/inde···c=29681"
Not yet for Norton Safe web:
»safeweb.norton.com/report/show?u···&x=0&y=0 |
|
| reply to Blackbird
I didn't say that. That was from the Malwarebytes forums post. Anyhow, I agree that anyone can be taken advantage of nowadays. |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17
·Bell Sympatico
1 edit | reply to xxTRAGEDYxx
Unless already cited:
»malwarebytes.besttechie.net/2009···roperty/
Edit to add:
»goretsky.spaces.live.com/blog/cn···24.entry |
|
 tib
@netvigator.com | reply to xxTRAGEDYxx
Re: IOBit Steals Malwarebytes Intellectual Property is iobit taken by AVG?
»www.iobit.com/avg-com.html |
|
 rcdaileyDragoonflyPremium
join:2005-03-29
Rialto, CA | That looks like the reverse, that IOBit is offering (as a vendor of sorts) version 8 of AVG. Since AVG is up to version 9, that doesn't look all that current.
--
In reality, there is no such thing as a clean human being. |
|
 jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2
2 edits | reply to xxTRAGEDYxx
Interesting "Declaration from IObit":
They "need your support and attention"
Some of the followup comments are pretty good too...(Until they get deleted).
»blog.iobit.com/archives/95.html
--
I had a life once.....now I have a Computer and a Modem. |
|
 La LunaSurvived AshrafulPremium
join:2001-07-12
Warwick, NY
kudos:3 | FWIW, I get a big warning from WOT when I go to that link. |
|
 RyanPremium
join:2001-03-03
Quincy, MA | reply to xxTRAGEDYxx
Yea I will believe IOBit over malwarebytes  |
|
jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2
1 edit | Agreed...(and sarcasm noted).
It's also interesting to note that the Blog has already changed since I first looked at it.
They're still in the process of adding more "proof" that no "Intellectual Property" was stolen, as I type this.
(Edit) Or, to put it another way...they're still panicking.
--
I had a life once.....now I have a Computer and a Modem. |
|
 Doctor FourMy other vehicle is a TARDISPremium
join:2000-09-05
Dallas, TX
1 edit | reply to xxTRAGEDYxx
Next thing you know they will get shills to post here and at Malwarebytes trying to defend their software as legitimate.
It's a common pattern; one which is seen all the time in the Spam, Scam and Phishbusters forum.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
|
|
 LagzPremium
join:2000-09-03
The Rock
·AT&T DSL Service
| reply to xxTRAGEDYxx
Download.com/Cnet still has their software up. This isn't any different than say reading a website and then paraphrasing on your own website. I can't believe that none of these malware detection companies do not look at and use parts, pieces, or even whole segments of competitors definition database. Eventually all malware companies have definitions that are identical or almost identical and detect the same malware. Why is that?
--
To talk much and arrive nowhere is the same as climbing a tree to catch a fish. |
|
 Blue2Premium
join:2004-04-14
France
kudos:1
1 edit | reply to xxTRAGEDYxx
said by Doctor Four:Next thing you know they will get shills to post here and at Malwarebytes trying to defend their software as legitimate. Disinformation has been around for a long time and it isn't likely to stop. Don't be surprised by anything, including attempts to "defend" by attempting to discredit Malwarebytes. (That's a reason why complete anonymity on the internet isn't always a good thing. It can also provide the opportunity for drive-by defamation and character assassination.)
Setting up a fake dummy file to catch them displaying the same fake file was a good strategy. I just hope that now that the cat is out of the bag, they've already collected sufficient proof from a legal standpoint. Contacting an attorney promptly is undoubtedly the best step rather than a simple public uprising. |
|
