TECHINFOTECH

Your passport to techworld!

About Me

Responsive Ads Here

Tuesday, November 3, 2009

IOBit is stealing the Malwarebytes database


Marcin Kleczynski, CEO of Malwarebytes, has posted a detailed accusation, presenting evidence that IOBit is stealing the Malwarebytes database.

Iotbit, a Chinese company based in Chengdu, provides a number of PC utilities, including an antimalware product called IOBit Security 360. According to Kleczynski:

Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software. We know this will sound hard to believe, because it was hard for us to believe at first too. But after an indepth investigation, we became convinced it was true. Here is how we know.

We came across a post on the IOBit forums that showed IOBit Security 360 flagging a specific key generator for our Malwarebytes' Anti-Malware software using the exact naming scheme we use to flag such keygens: Don't.Steal.Our.Software.A.

Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501

Why would IOBit detect a keygen for our software and refer to it using our database name? We quickly became suspicious. Either the forum post was fraudulent or IOBit was stealing our database.

So we dug further. We accumulated more similar evidence for other detections, and we soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database. They are using both our database and our database format exactly.

The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names.

There’s quite a bit more here.

Stealing AV signatures is not a new phenomena — AV companies have battled this type of thing for years. In this case, it looks to be quite blatant, based on the evidenced presented.

No comments:

Post a Comment