Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

IOBit Steals Malwarebytes' Intellectual Property

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

IOBit Steals Malwarebytes' Intellectual Property

Old 11-02-09, 06:25 PM
DVD Talk Platinum Edition
Thread Starter
Join Date: Jan 2000
Location: Florida
Posts: 3,533
Likes: 0
Received 0 Likes on 0 Posts
IOBit Steals Malwarebytes' Intellectual Property

Thought this was interesting:


Malwarebytes has recently uncovered evidence that a company called IOBit based in China is stealing and incorporating our proprietary database and intellectual property into their software. We know this will sound hard to believe, because it was hard for us to believe at first too. But after an indepth investigation, we became convinced it was true. Here is how we know.

We came across a post on the IOBit forums that showed IOBit Security 360 flagging a specific key generator for our Malwarebytes’ Anti-Malware software using the exact naming scheme we use to flag such keygens: Don’t.Steal.Our.Software.A.

Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes’ Anti-Malware v1.39\Key_Generator.exe, 9-30501

Why would IOBit detect a keygen for our software and refer to it using our database name? We quickly became suspicious. Either the forum post was fraudulent or IOBit was stealing our database.

So we dug further. We accumulated more similar evidence for other detections, and we soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database. They are using both our database and our database format exactly.

The final confirmation of IOBit’s theft occurred when we added fake definitions to our database for a fake rogue application we called Rogue.AVCleanSweepPro. This “malware” does not actually exist: we made it up. We even manufactured fake files to match the fake definitions. Within two weeks IOBit was detecting these fake files under almost exactly these fake names.

We can’t publicly show all the evidence we found, because it is still our intellectual property: proprietary information about our database internals. But we don’t want you to have to take our word for it either, so we found a way to show you an example illustrating an indisputable pattern of theft.

Consider the file, “dummy.exe“. It is a harmless dummy executable that runs, displays a “Hello World” message box, and exits. You can see from third-party scans on VirusTotal, that no other security vendor flags this executable as malicious or even suspicious.

We created this dummy executable, then manipulated it slightly so that it matches one of the signatures in our database. We emphasize that it is still not malicious! — the signature is perfectly benign, when not in the context of actual malware, as you can see from the VirusTotal results.

We scanned the file with our own Malwarebytes’ Anti-Malware software and indeed it was flagged as “Don’t.Steal.Our.Software.A”. We scanned it with IOBit using their current build and database version and it was flagged as the same “Don’t.Steal.Our.Software.A”. We have included their log file and a screenshot of the detection. You can verify by yourself using the dummy executable and their most recent database.

We have attached two other such dummy executables to this post, so you can see for yourself. One of them, “rogue.exe“, matches our fake Rogue.AVCleanSweepPro (screenshot) definition, the other “fake.exe“, matches an Adware.NaviPromo definition (screenshot). VirusTotal results for “fake.exe” and “rogue.exe” so you can see they are benign. You can see a screenshot of our detections here.

During the course of our investigation, we uncovered additional evidence that IOBit may have stolen the proprietary databases of other security vendors as well. We are in the process of contacting these vendors.

Malwarebytes intends to pursue legal action against IOBit. We demand IOBit immediately remove all traces of Malwarebytes’ proprietary research and database from their software. We also demand IOBit be delisted from Download.com due to Terms of Service violations. This is criminal: it is theft, it is fraud, and we will not stand for it.

What can you do to help? If you feel the same way we do about this theft, we encourage you to send an email to hosting services such as Download.com and Majorgeeks.com requesting that all IOBit software be removed.

Last edited by DVDho78DTS; 11-02-09 at 06:40 PM.
Old 11-02-09, 07:09 PM
X's Avatar
Join Date: Oct 1987
Location: AA-
Posts: 10,765
Likes: 0
Received 4 Likes on 3 Posts
Re: IOBit Steals Malwarebytes' Intellectual Property

A Chinese company stealing intellectual property? I'm shocked!

Actually, I'd be more shocked if one didn't.
Old 11-03-09, 08:24 AM
DVD Talk Hero
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Likes: 0
Received 0 Likes on 0 Posts
Re: IOBit Steals Malwarebytes' Intellectual Property

call their lawyers, get a few cease and desist orders and send them out to anyone hosting the infringing software and sue them in california
Old 11-03-09, 08:25 AM
DVD Talk Hero
Join Date: Aug 2001
Location: in da cloud
Posts: 26,196
Likes: 0
Received 0 Likes on 0 Posts
Re: IOBit Steals Malwarebytes' Intellectual Property

Originally Posted by X View Post
A Chinese company stealing intellectual property? I'm shocked!

Actually, I'd be more shocked if one didn't.
they aren't stealing, they are copying the code into their code. Malwarebytes still has their code and data
Old 11-03-09, 10:18 AM
DVD Talk Legend
Join Date: Oct 2001
Posts: 17,960
Received 19 Likes on 17 Posts
Re: IOBit Steals Malwarebytes' Intellectual Property

I wonder if a malware database can be copyrighted.

[It] is a basic premise of copyright law that there is no copyright protection for ideas and basic facts...

Thus, a database of unprotectable works (such as basic facts) is protected only as a compilation..... it would therefore not be a violation of copyright law to extract (copy) [select entries] from the database. On the other hand, it would be violation to copy the entire database, as long as the database met the Feist originality and creativity requirements.
The Fiest requirements refer to the Supreme Court ruling that you can't copyright a phonebook.

To me, it seems like the only "original" part of malwarebytes database would be their names for the various signatures. Unless the signatures themselves are specific to malwarebytes program as well.

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Thread Tools
Search this Thread

Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.