X

Malwarebytes accuses rival of software theft

Anti-malware provider Malwarebytes says it will take legal action against China-based IObit, but IObit says it is all a mistake.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read

Malwarebytes is accusing China-based computer security firm IObit of intellectual property theft, but IObit denied the allegations and said there were problems with its malware submission site.

Malwarebytes claims IObit stole from its database of signatures of malicious applications that its software uses for detecting malware on customer computers.

Malwarebytes discovered that IObit's Security 360 free anti-malware software was flagging a specific key generator piece of code for Malwarebytes' Anti-Malware software and using the same naming scheme, which includes the phrase "Don't Steal Our Software," according to a blog post on the Malwarebytes.org site.

This screen shot shows IObit's product uses the same naming scheme as Malwarebytes.org. Malwarebytes.org

After finding additional evidence, Malwarebytes conducted a test and added fake definitions for a fake rogue application to its database of malware. Within two weeks, IObit was detecting the fake files and using "almost exactly" the fake names, Malwarebytes said.

"We soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database," the blog post says. "They are using both our database and our database format exactly."

Malwarebytes, which said it uncovered evidence that IObit may have stolen proprietary databases of other security vendors as well, said it plans to pursue legal action against IObit

IObit denied the allegations, saying it was a "mistake," and accused Malwarebytes of spreading "malicious rumors."

IObit said it would soon release a legal letter an explanation about the technical aspects that proves its case. In the meantime, IObit temporarily deleted all disputed items in its database to avoid "dispute and possible problems" and disabled its malware submission page, the company said in a blog post.

Basically, someone submitted samples with the name used by another vendor, the post says.

"Unfortunately, IObit database analyzer carelessly used the names provided by the submission. This mistake can be understood because it is very normal--Many enthusiastic IObit users find there are samples missed by IObit Security 360 but detected by other anti-malware products, then they would submit these samples to us and provide names defined by other anti-malware vendors."

"There are holes and problems with IObit malware submission procedure and database management," the post concluded.

Malwarebyte's found that IObit's product detected the fake malware Malwarebytes put in its database as a test. Malwarebytes.org