Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
General Apps
System utilities
IObit is Scummy
Message
<blockquote data-quote="Digmor Crusher" data-source="post: 861941" data-attributes="member: 69540"><p>Background if anyone is interested, from Marcin on Malwarebytes forum:</p><p></p><p>Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software. We know this will sound hard to believe, because it was hard for us to believe at first too. But after an indepth investigation, we became convinced it was true. Here is how we know.</p><p>We came across a <a href="http://forums.iobit.com/showthread.php?t=3325" target="_blank">post on the IOBit forums</a> (<a href="http://74.125.95.132/search?q=cache:7AiT5eWEygIJ:forums.iobit.com/showthread.php" target="_blank">cached version</a>, since they have now deleted the original) that showed IOBit Security 360 flagging a specific key generator for our Malwarebytes' Anti-Malware software using the exact naming scheme we use to flag such keygens: <strong>Don't.Steal.Our.Software.A.</strong></p><p>Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501</p><p>Why would IOBit detect a keygen for <strong>our</strong> software and refer to it using <strong>our</strong> database name? We quickly became suspicious. Either the forum post was fraudulent or IOBit was stealing our database.</p><p>So we dug further. We accumulated more similar evidence for other detections, and we soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database. They are using both our database and our database format exactly.</p><p>The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names.</p><p>We can't publicly show all the evidence we found, because it is still our intellectual property: proprietary information about our database internals. But we don't want you to have to take our word for it either, so we found a way to show you an example illustrating an indisputable pattern of theft.</p><p>Consider the file, "<a href="http://www.malwarebytes.org/press/iobit/dummy.exe" target="_blank">dummy.exe</a>". It is a harmless dummy executable that runs, displays a "Hello World" message box, and exits. You can see from third-party scans on <a href="http://www.virustotal.com/analisis/7c29a8585563710440e5d2f4e638aeb3a474ebb3c7518b65b509d6bbbb6c029a-1257181353" target="_blank">VirusTotal</a>, that no other security vendor flags this executable as malicious or even suspicious.</p><p>We created this dummy executable, then manipulated it slightly so that it matches one of the signatures in our database. We emphasize that it is still not malicious! -- the signature is perfectly benign, when not in the context of actual malware, as you can see from the VirusTotal results.</p><p>We scanned the file with our own Malwarebytes' Anti-Malware software and indeed it was flagged as "Don't.Steal.Our.Software.A". We scanned it with IOBit using their <strong>current build and database version</strong> and it was flagged as the same "Don't.Steal.Our.Software.A". We have included their <a href="http://www.malwarebytes.org/press/iobit/iobit_dummy.log" target="_blank">log file</a> and a <a href="http://www.malwarebytes.org/press/iobit/screen_iobit_dummy.JPG" target="_blank">screenshot</a> of the detection. You can verify by yourself using the dummy executable and their most recent database.</p><p>We have attached two other such dummy executables to this post, so you can see for yourself. One of them, "<a href="http://www.malwarebytes.org/press/iobit/rogue.exe" target="_blank">rogue.exe</a>", matches our fake Rogue.AVCleanSweepPro (<a href="http://www.malwarebytes.org/press/iobit/screen_iobit_rogue.JPG" target="_blank">screenshot</a>) definition, the other "<a href="http://www.malwarebytes.org/press/iobit/fake.exe" target="_blank">fake.exe</a>", matches an Adware.NaviPromo definition (<a href="http://www.malwarebytes.org/press/iobit/screen_iobit_fake.JPG" target="_blank">screenshot</a>). VirusTotal results for "<a href="http://www.virustotal.com/analisis/b82c8266500f9f546826893576ece950ad5890c8d87f9e1c6f2246fa020185f3-1257185364" target="_blank">fake.exe</a>" and "<a href="http://www.virustotal.com/analisis/b80a5478b8f496122e631d020a2539fbd3275809bcf55671e6af263343240294-1257185121" target="_blank">rogue.exe</a>" so you can see they are benign. You can see a screenshot of our detections <a href="http://www.malwarebytes.org/press/iobit/screen_mbam.JPG" target="_blank">here</a>.</p><p>During the course of our investigation, we uncovered additional evidence that IOBit may have stolen the proprietary databases of other security vendors as well. We are in the process of contacting these vendors.</p><p>Malwarebytes intends to pursue legal action against IOBit. We demand IOBit immediately remove all traces of Malwarebytes' proprietary research and database from their software. We also demand IOBit be delisted from Download.com due to Terms of Service violations. This is criminal: it is theft, it is fraud, and we will not stand for it.</p><p>What can you do to help? If you feel the same way we do about this theft, we encourage you to send an email to hosting services such as Download.com and Majorgeeks.com requesting that all IOBit software be removed.</p><p></p><p>To summarize, yes, IObit is slimy.</p></blockquote><p></p>
[QUOTE="Digmor Crusher, post: 861941, member: 69540"] Background if anyone is interested, from Marcin on Malwarebytes forum: Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software. We know this will sound hard to believe, because it was hard for us to believe at first too. But after an indepth investigation, we became convinced it was true. Here is how we know. We came across a [URL='http://forums.iobit.com/showthread.php?t=3325']post on the IOBit forums[/URL] ([URL='http://74.125.95.132/search?q=cache:7AiT5eWEygIJ:forums.iobit.com/showthread.php']cached version[/URL], since they have now deleted the original) that showed IOBit Security 360 flagging a specific key generator for our Malwarebytes' Anti-Malware software using the exact naming scheme we use to flag such keygens: [B]Don't.Steal.Our.Software.A.[/B] Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501 Why would IOBit detect a keygen for [B]our[/B] software and refer to it using [B]our[/B] database name? We quickly became suspicious. Either the forum post was fraudulent or IOBit was stealing our database. So we dug further. We accumulated more similar evidence for other detections, and we soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database. They are using both our database and our database format exactly. The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names. We can't publicly show all the evidence we found, because it is still our intellectual property: proprietary information about our database internals. But we don't want you to have to take our word for it either, so we found a way to show you an example illustrating an indisputable pattern of theft. Consider the file, "[URL='http://www.malwarebytes.org/press/iobit/dummy.exe']dummy.exe[/URL]". It is a harmless dummy executable that runs, displays a "Hello World" message box, and exits. You can see from third-party scans on [URL='http://www.virustotal.com/analisis/7c29a8585563710440e5d2f4e638aeb3a474ebb3c7518b65b509d6bbbb6c029a-1257181353']VirusTotal[/URL], that no other security vendor flags this executable as malicious or even suspicious. We created this dummy executable, then manipulated it slightly so that it matches one of the signatures in our database. We emphasize that it is still not malicious! -- the signature is perfectly benign, when not in the context of actual malware, as you can see from the VirusTotal results. We scanned the file with our own Malwarebytes' Anti-Malware software and indeed it was flagged as "Don't.Steal.Our.Software.A". We scanned it with IOBit using their [B]current build and database version[/B] and it was flagged as the same "Don't.Steal.Our.Software.A". We have included their [URL='http://www.malwarebytes.org/press/iobit/iobit_dummy.log']log file[/URL] and a [URL='http://www.malwarebytes.org/press/iobit/screen_iobit_dummy.JPG']screenshot[/URL] of the detection. You can verify by yourself using the dummy executable and their most recent database. We have attached two other such dummy executables to this post, so you can see for yourself. One of them, "[URL='http://www.malwarebytes.org/press/iobit/rogue.exe']rogue.exe[/URL]", matches our fake Rogue.AVCleanSweepPro ([URL='http://www.malwarebytes.org/press/iobit/screen_iobit_rogue.JPG']screenshot[/URL]) definition, the other "[URL='http://www.malwarebytes.org/press/iobit/fake.exe']fake.exe[/URL]", matches an Adware.NaviPromo definition ([URL='http://www.malwarebytes.org/press/iobit/screen_iobit_fake.JPG']screenshot[/URL]). VirusTotal results for "[URL='http://www.virustotal.com/analisis/b82c8266500f9f546826893576ece950ad5890c8d87f9e1c6f2246fa020185f3-1257185364']fake.exe[/URL]" and "[URL='http://www.virustotal.com/analisis/b80a5478b8f496122e631d020a2539fbd3275809bcf55671e6af263343240294-1257185121']rogue.exe[/URL]" so you can see they are benign. You can see a screenshot of our detections [URL='http://www.malwarebytes.org/press/iobit/screen_mbam.JPG']here[/URL]. During the course of our investigation, we uncovered additional evidence that IOBit may have stolen the proprietary databases of other security vendors as well. We are in the process of contacting these vendors. Malwarebytes intends to pursue legal action against IOBit. We demand IOBit immediately remove all traces of Malwarebytes' proprietary research and database from their software. We also demand IOBit be delisted from Download.com due to Terms of Service violations. This is criminal: it is theft, it is fraud, and we will not stand for it. What can you do to help? If you feel the same way we do about this theft, we encourage you to send an email to hosting services such as Download.com and Majorgeeks.com requesting that all IOBit software be removed. To summarize, yes, IObit is slimy. [/QUOTE]
Insert quotes…
Verification
Post reply
Top