Malwarebytes claim: IObit is stealing signature databases

Before yesterday i thought Iobit was respected too. I didn't know that they were doing the "porn phishing" in order to get their products, nor that in one of their "porn phishing" pages, from time to time i get a link to the REAL youporn.

-www.iobit.com/naruto-porn.html

http://img94.imageshack.us/img94/5742/80211685.png

And no, the link doesn't give you to download iobit, it takes you to YOUPORN. And this after i deleted all Opera's private data. It happened to me twice also yesterday night, but the link doesn't always appear.

And if you don't believe that the link is actually taking you to youporn, i got it in video too. (Megaupload deleted it, saying it violated TOS).

Here's a new one:

-http://www.filefront.com/14869555/iobt.7z

EDIT: And since i am sure some devil's advocate may say that it could be site that i set up and faked (i wish i had such knowledge, but i don't), here's also the IE (which i never use) version of the video, where i come to Wilder's and click the link, from the Iobit Porn phishing site i can then click to real porn and to Iobit's download page as well:

-http://www.filefront.com/14869629/IE.7z

A mod might remove the video link, but if he does, it means that video i uploaded DOES take you to youporn, or else there is no reason to remove it, is there?

Yes. Very respectable. Every security vendor should bring the best porn to its users, in all safety.

I wonder, do they get paid from youporn per click, or do they have a fixed amount per month?

Of course there is also the probability that the link isn't really Iobit's, but some malicious person set up the page which seems to be iobit's domain and leads you to iobit's downloads and sometimes to real porn. Theoretically...


P.S. : I want my Avast to propone me some good and safe porn sites!

 

Thanks for that link I'll keep hold of that for,errr research later.

Seriously though you've made some excellent points in general,not least regarding the difficulties of persuing any legal redress within China.That country is one of the piracy hotspots of the World now so I'm guessing that copyright infringement and intellectual property laws are somewhat lacking in that country.

 

I know. And your US lawyers are automatically out of the game. Because they can't write legal paper in chinese and it's not a clever idea to go with them for oral hearing to court either, unless you want to rely to chinese interpreter.

Also, a "normal" chinese lawyer won't do. You 'd better find a specialized on copyright infringement if you want any chance of victory. This, because "ordinary" civil lawyers aren't familiar enough with copyright infringement. At least my brother isn't. He could study the law to try to pull it off, but it's your money at stake.

There are specialized lawyers that handle such cases, but they will charge you their weight in gold for that.

And you NEED a specialized one, because most likely, the chinese judge will have little to no clue of what you are trying to explain him with technical details.

Well, maybe they are trully pioneers in that! Imagine, instead of googling in blind for your porn, to be able to go to your antivirus' site and have a list of "good porn sites" certified by your AV vendor! Sorted by category to easily find what you like,etc. It could be also a good way to evade parental controls. "The PC is infected again,son. Did you go to porn sites again?". "No dad! Honestly! I was just visiting my antivirus vendor!"

 

Well I'm actually British mate but what you say makes perfect sense.If it's a legal minefield that even many Chinese lawyers struggle with it'll be impossible for foreign lawyers to make any headway.It's difficult enough to understand each other's language with the simplest of conversations never mind the nuances of legal terminology thrown in.

Also with other well publicised scandals involving,if I remember correctly,Rising against Micropoint? it seems that some companies will go to any length to step up the ladder.I was reading a post on that deleted IOBit thread before and although the poster wasn't English so I didn't fully understand it there was mention of some legal case with Kaspersky too?

I'm sure your idea for AV related porn search facilities will be endorsed by teenagers (and married men) the World over.

 

I don't know about Chinese lawyers, but my brother (who's an all-around lawyer in private practice), when i asked him, he said that honestly he has no clue, it's a very specialized field and specialized means "you pay more". And you pay more, because specialized lawyers are familiar with the law, have experience in that and KNOW how to present a case like that before a judge who usually has no clue about what the definitions database is about. I mean, my brother would be in terrible trouble trying to explain to a clueless judge what's all this about. And my brother himself would have trouble to put up a good fight, because he isn't computer savvy himself.

On the contrary the specialized ones know how to do the job.

IMHO MBAM should evaluate 1) Whether she has the money available to start legal battle (it's money that you will commit for say 2 years and you must forget about them in the meantime) and 2) Whether the chinese legislation is harsh enough to make them get a good compensation if they win. Because, if you ask any honest lawyer, he ll tell you to never start a case, where you will invest too much to get back too little.

Iobit should evaluate if she has the money to sue MBAM in USA. If she wins the result will be surely profitable enough for her, cause US law is hard on such cases.

If opening legal battles against chinese companies for copyright infringements was an easy task, probably the West wouldn't be full of counterfeit products with counterfeit logos that range from branded shoes and handbags to branded perfumes. Because you can see on the import papers which company imported them and from that , who is the supplier. Apparently few western companies bother to sue the chinese supplier. There must be a reason for that.

Yes, it would!

 

An update on the Hijack.DisplayProperties issue about which i posted yesterday.

The original article's site has posted the screenshot from IoBit too:

http://freeantivirushelp.com/blog/post/2009/10/24/IObit-Security-360-Review-and-Download.aspx

Note that even the fullstop (.) is exactly the same.

Is there any other scanner besides MBAM and Iobit which flag that particular registry key and with that name too? I doubt it.

Yet another coincidence. They get to have the exact names on non malware detections and they are also the only ones who detect those detections as MBAM's original announcement showed...

I know for sure that Avast doesn't flag that registry key and neither does SAS !

P.S.: No, that blog is not mine.

 

I agree.
The actions of IObit after this all went public are strange indeed.
Pulling the download for Security 360 looks like a "no contest" move. You gotta wonder why they did that unless they really have been caught.

New Version Available Soon
Why the new version if the old one isn't a rip-off of Malware Bites?

 

Softpedia removes IoBit from her site:

If i were Iobit and had the money (and a solid case) i 'd surely announce immediately that i proceed to lawsuit against MBAM, because the damage Iobit is receiving is huge. MBAM may complain about losing royalty fee , but this is worse damage for Iobit. By announcing the lawsuit, it would contain somewhat the damage, because it would show confidence.

 

The whole reaction of Iobit is incoherent. In their anouncement, they do 2 IMO contradictory things:

http://blog.iobit.com/archives/95.html


I don't understand how you threat the other with legal action and support your thesis of calumniation and you on the other hand "delete all disputed items" from the database. Delete them, to what end? For "avoiding dispute"? Does it change anything if they delete them? The "bomb" has already exploded! Or is it rather a message to MBAM "Let's forget all about it, we stop it both here and no hard feelings"?

 

Has anyone else noticed the blank "Security 360" page on Major Geeks?
Or did I miss a post?
It looks like they have removed the download.

http://majorgeeks.com/IObit_Security_360_d6088.html



About IOBit deleting items from their database....
They say that and then pull the Security 360 download from their own site.

 

I am not a lawyer but would it be illegal to parse report files of an application to build an own database? Since MBAM has a command line parameter that will dump the signature that causes the detection to the report there would be no reverse engineering involved. All you would do is scanning a bunch of files and parse the report.

 

The page is blank for me too. But i think it's more likely that Iobit asked Major Geeks to remove the download , awaiting the new "updated" version. Otherwise i would expect Major Geeks to put an anouncement similar to that of Softpedia.

 

I didn't proceed with an actual download, but Iobit 360 is showing as still available at www.download.com, www.fileforum.com, and www.ZDnet.com.

Iobits' own website still states "Updating...new version available soon".

 

At download.com if you click, you are re-directed to Iobit's home site and see the "new version soon".

Fileforum does have the "old" version and allows you to download.

 

Iobit should better decide soon whether to "call or fold", if she is to save any reputation left.

 

According to this blog, Major Geeks removed Iobit alright:

(2009.11.03)MajorGeeks.com has removed IOBit Security 360 from their downloads section in response to a DMCA Notice served by Malwarebytes.
(2009.11.05)SoftPedia has removed IOBit Security 360 download. The IOBit Security 360 Download page is still available.
(2009.11.05) CNET's Download.com no longer hosts the IOBit Security 360 installation file. Instead the IOBit Security 360 download link points directly to the IOBit web site.

http://www.malwareteks.com/news.php?item.294.4

 

They indeed have a new version 1.20.10.

 

and as usual they NEVER release a changelog probly...

 

Hi all,

Now this is getting interesting.
IObit have upgraded their application but MBAM have just published test results showing a noticable drop in their detection rate.
The mind now wonders why would this have occured
Source
http://www.malwarebytes.org/forums/index.php?showtopic=29772&view=findpost&p=154444

IObit Security 360

OS:Windows XP
Version:1.2.0.10
Define Version:1273
Time Elapsed:00:00:12
Objects Scanned:1857
Threats Found:367

367/1857 = 19.7%

Versus

IObit Security 360

OS:Windows XP
Version:1.1.0.30
Define Version:1269
Time Elapsed:00:00:10
Objects Scanned:1857
Threats Found:1427

1427/1857= 76.8%

Theses tests can be verified by anyone with access to new and old version of IObit+ a good bunch of 0-3 mth old malware.

How about it Littlebits, Custom scanning a folder of malware is your specialality

 

In my opinion the way IObit has been playing this has been preposterous from the start. I was mainly thinking whether they try to further obfuscate their usage of Malwarebyte's signatures or totally discard them before "coming clean".

 

This is the proof that most people needed to know for sure, now I'm pretty certain that IObit did infringe MBAM's database, if they didn't then why would they go and remove all of these signatures??

To Dr who: I have never been involved in malware testing, because you can knock off all of the BS.

I just found the similarities in the detection between IObit and MBAM, when removing malware from my clients' systems. I also notice the same with Yahoo Anti-Spy provided by CA (eTrust). Because I do believe they were also using CA (eTrust) database as well and maybe others.

I know that the MBAM Team works very hard and has come a long ways with only a small team unlike other vendors who have many developers working together. I have had issues in the past with MBAM, but that is over now.

IObit knows that they were in the wrong by stealing others hard work and even if they don't pay legally, their reputation is destroyed. Their best option now is to offer an apology and admit what they have did, maybe some will be able to forgive. They could even legally buy a license from MBAM that would makes things better.

Hopefully both MBAM and IOBit can move past this issue.

This issue really got to me now only because they stole MBAM's work, but also because the profits earned from the sales left the USA and went to China.

Since I'm from the USA, this is something that really bothers me.

Thanks.

 

My bad,i mistaken you for this guy from SSupdater so no BS intended!
http://ssupdater.com/modules/Forums/index.php?showforum=54

Will leave it at that.Piece be with you!

 

It would be very hard for IOBit to admit this and to give an apology. If they remain in silence, they can still argue a bit. If they admit with apology, the IOBit brand will be good for nothing anymore, and more and more lawsuits will come.

 

This means they were guilty as hell, but they don't have guts to admit it.

 

To be honest ... I am still not convinced. I have dumped both databases - MBAM as well as IObit. If you compare their actual content you will see that only a few parts of the signatures are identical. A large portion is not.

The problem I have is the following:
Working under the assumption that IObit has reverse engineered MBAM, why would they only use a fraction of their database? Why not the whole database instead? The signature format of MBAM isn't that complicated. Reimplementing an engine that is able to use the whole database would take about a week for an experienced developer.

In my opinion it is much more likely that IObit has outsourced the signature generation (which believe it or not is quite common ... there are plenty of indian and african companies that offer such services) and one of their contractors stole the signatures from MBAM that could be used by the IObit engine as well.