Malwarebytes definition database stolen, misused by IOBit
Now, for the past few weeks I've been reading numerous blog posts about how IOBit is giving away their security software for free. The offer was timed to coincide with the launch of Windows 7, and has popped up in my Google Reader several times since.
How do the two relate?
A few weeks ago, Malwarebytes staffers came across an interesting post on the IOBit forums. The post detailed a keygen for Malwarebytes and reported it using the same name MBAM reports. The crew dug further and found more evidence of copycat detections.
To confirm their suspicions, a fake signature implanted in the Malwarebytes database.
"The final confirmation of IOBit's theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This "malware" does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names."If this is proven to be true, I certainly hope that Malwarebytes is successful in prosecuting IOBit. For another company to use a tactic as underhanded as this - let's face it, it's outright theft - to build a product and label it as their own is appalling.
IOBit are, of course, defending themselves in their forums. They respond:
"We have never used the database of any other companies. And hope Malwarebytes stop spreading malicious rumors for hyping itself[...]A legal letter will be released later, which will prove that there is no problem with Intellectual Property Rights.Nevertheless, IOBit's reputation is taking a beating now on WebOfTrust - Malwarebytes supporters have been all too happy to head over and vote down IOBit's trust, privacy, and vendor reliability ratings.
For the sake of avoiding dispute and possible problems, we have deleted all disputed items in our database temporarily, and have updated IObit Security 360's database."