Malwarebytes Alleges Signature Database Theft by IOBit
By on November 2nd, 2009

A recent forum post on Malwarebytes by the CEO of the company Marcin Kleczynski, has leveled serious allegations against IOBit. The CEO has uncovered evidence against IOBit, a security firm from China, and leveled charges that they are stealing proprietary malware and signature databases from Malwarebytes.

Marcin elaborated throughout the post how Malwarebytes spotted the database theft, and accumulated more evidence, which further  strengthens  their claim against IOBit.

We came across a post on the IOBit forums that showed IOBit Security 360 flagging a specific key generator for our Malwarebytes Anti-Malware software using the exact naming scheme we use to flag such keygens: Don’t.Steal.Our.Software.A.

Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes Anti-Malware v1.39\Key_Generator.exe, 9-30501

Why would IOBit detect a keygen for our software and refer to it using our database name? We quickly became suspicious. Either the forum post was fraudulent or IOBit was stealing our database.

The above discovery led the Malwarebytes team to conduct several other tests. Most of the tests were created using fake malware signatures and were promptly copied over by IOBit.

We created this dummy executable, then manipulated it slightly so that it matches one of the signatures in our database. We emphasize that it is still not malicious! — the signature is perfectly benign, when not in the context of actual malware, as you can see from the VirusTotal results.

We scanned the file with our own Malwarebytes Anti-Malware software and indeed it was flagged as “Don’t.Steal.Our.Software.A”. We scanned it with IOBit using their current build and database version and it was flagged as the same “Don’t.Steal.Our.Software.A”. We have included their log file and a screenshot of the detection. You can verify by yourself using the dummy executable and their most recent database.

From the looks of it, most of the evidence suggest that, there is indeed a database theft. Malwarebytes also suggested that IOBit has been using proprietary information from other security vendors, without giving out specific names. Malwarebytes plans to pursue legal action against IOBit. Thanks @BillP.

Disclaimer: These are allegations from Malwarebytes. We do not endorse the fact, till they are proven by law. This post is written to make people aware of the ongoing controversy.

Author: Keith Dsouza Google Profile for Keith Dsouza
I am the editor-in-chief and owner of Techie Buzz. I love coding and have contributed to several open source projects in the past. You can know more about me and my projects by visiting my Personal Website. I am also a social networking enthusiast and can be found active on twitter, you can follow Keith on twitter @keithdsouza. You can click on my name to visit my Google+ profile.

Keith Dsouza has written and can be contacted at keith@techie-buzz.com.
  • Zeengar

    I advised others to purchase Malwarebytes on many occassions . Was there a conclusion to this? Where the claims founded?

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN