Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software. We know this will sound hard to believe, because it was hard for us to believe at first too. But after an indepth investigation, we became convinced it was true. Here is how we know.
We came across a post on the IOBit forums (cached version, since they have now deleted the original) that showed IOBit Security 360 flagging a specific key generator for our Malwarebytes' Anti-Malware software using the exact naming scheme we use to flag such keygens: Don't.Steal.Our.Software.A.
Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes' Anti-Malware v1.39\Key_Generator.exe, 9-30501
Why would IOBit detect a keygen for our software and refer to it using our database name? We quickly became suspicious. Either the forum post was fraudulent or IOBit was stealing our database.
So we dug further. We accumulated more similar evidence for other detections, and we soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database. They are using both our database and our database format exactly. The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names.
We can't publicly show all the evidence we found, because it is still our intellectual property: proprietary information about our database internals. But we don't want you to have to take our word for it either, so we found a way to show you an example illustrating an indisputable pattern of theft. Consider the file, "dummy.exe". It is a harmless dummy executable that runs, displays a "Hello World" message box, and exits. You can see from third-party scans on VirusTotal, that no other security vendor flags this executable as malicious or even suspicious.
For more on this story, see this thread at the Malwarebytes forum. http://www.malwarebytes.org/forums/index.php?showtopic=29681&st=0
Message was edited by: paullotion on 11/4/09 5:42 PM
Message was edited by: paullotion on 11/4/09 5:52 PM