Security

Read all 'Malwarebytes' posts in Security
November 3, 2009 10:32 AM PST

Malwarebytes accuses rival of software theft

by Elinor Mills
  • 67 comments

Malwarebytes is accusing China-based computer security firm IObit of intellectual property theft, but IObit denied the allegations and said there were problems with its malware submission site.

Malwarebytes claims IObit stole from its database of signatures of malicious applications that its software uses for detecting malware on customer computers.

Malwarebytes discovered that IObit's Security 360 free anti-malware software was flagging a specific key generator piece of code for Malwarebytes' Anti-Malware software and using the same naming scheme, which includes the phrase "Don't Steal Our Software," according to a blog post on the Malwarebytes.org site.

This screen shot shows IObit's product uses the same naming scheme as Malwarebytes.org.

(Credit: Malwarebytes.org)

After finding additional evidence, Malwarebytes conducted a test and added fake definitions for a fake rogue application to its database of malware. Within two weeks, IObit was detecting the fake files and using "almost exactly" the fake names, Malwarebytes said.

"We soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database," the blog post says. "They are using both our database and our database format exactly."

Malwarebytes, which said it uncovered evidence that IObit may have stolen proprietary databases of other security vendors as well, said it plans to pursue legal action against IObit

IObit denied the allegations, saying it was a "mistake," and accused Malwarebytes of spreading "malicious rumors."

IObit said it would soon release a legal letter an explanation about the technical aspects that proves its case. In the meantime, IObit temporarily deleted all disputed items in its database to avoid "dispute and possible problems" and disabled its malware submission page, the company said in a blog post.

Basically, someone submitted samples with the name used by another vendor, the post says.

"Unfortunately, IObit database analyzer carelessly used the names provided by the submission. This mistake can be understood because it is very normal--Many enthusiastic IObit users find there are samples missed by IObit Security 360 but detected by other anti-malware products, then they would submit these samples to us and provide names defined by other anti-malware vendors."

"There are holes and problems with IObit malware submission procedure and database management," the post concluded.

Malwarebyte's found that IObit's product detected the fake malware Malwarebytes put in its database as a test.

(Credit: Malwarebytes.org)

Originally posted at InSecurity Complex
Topics:
Corporate and legal
Tags:
Malwarebytes,
IOBit,
IP theft
Share:
Digg
Del.icio.us
Reddit
February 23, 2009 4:13 PM PST

New scareware sends you to fake Download.com reviews

by Seth Rosenblatt
  • 30 comments

Last week, BleepingComputer.com reported on how to remove a new variant of an old scareware. This new nasty, known most commonly as Antivirus2010 or Anti-Virus-1, points you to spoofed versions of Download.com, ZDNet, PCMag.com, and other software sites, demanding that you download their program to clean your computer. Of course, it does nothing of the sort, merely perpetuating the infection.

Antivirus2010, Anti-Virus-1, and other variants of the AntivirusXP infection have never been hosted on Download.com.

(Credit: Seth Rosenblatt/CNET Networks)

However, the manner and methods Anti-Virus-1 uses to get you there are extremely clever. The infection part of the malware does whatever it's been designed to do, so you can see that you've been infected with malware. What you don't realize at this point is that it's hacked your hosts file, too, so that when you go to a software site you don't ever make it to the site you're trying to get to.

You wind up on a skinned Web site that looks like the site you're expecting, but isn't. With the Download.com spoof, you can see that they're using our old design, which CNET abandoned last summer. Clicking on any link besides the download button will take you to the same page that the legitimate site would've taken you to. Hit the download button, though, and you get their fake malware remover, which in fact does the opposite, perpetuating the infection.

Removing the infection is tricky because of the differences between the variants. Some people have complained that they get locked out of their Task Manager, for example, but not all reports include that complaint. The fix that I cited for Antivirus XP 2008 may work, but users who have Windows XP Home Edition don't have a gpedit.msc. Home Edition users will have to edit their Registry directly.

Malwarebytes' Anti-Malware has proven to be one of the few malware killers that can effectively remove Antivirus XP 2008 and its variants, and it should work against the latest ones, too. The First Look video of Malwarebytes' Anti-Malware on the right will help you get started with the program.

Keep in mind that there is no substitute for cautious browsing. Don't install every Facebook app that comes your way, don't click on ads on unfamiliar sites or sites that are known vectors for attacks, and don't install software from anybody that's not a vouchsafed source.

I've pasted below the entire list from BleepingComputer of changes to your hosts file for your edification. Be warned that it may change as variants are developed.

O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com

O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com

O1 - Hosts: 217.20.175.74 a1.review.zdnet.com

O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com

O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com

O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com

O1 - Hosts: 217.20.175.74 www.reviews.download.com

O1 - Hosts: 217.20.175.74 reviews.download.com

O1 - Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk

O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk

O1 - Hosts: 217.20.175.74 www.reviews.pcmag.com

O1 - Hosts: 217.20.175.74 reviews.pcmag.com

O1 - Hosts: 217.20.175.74 www.reviews.pcpro.co.uk

O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk

O1 - Hosts: 217.20.175.74 www.reviews.reevoo.com

O1 - Hosts: 217.20.175.74 reviews.reevoo.com

O1 - Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk

O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk

O1 - Hosts: 217.20.175.74 www.reviews.techradar.com

O1 - Hosts: 217.20.175.74 reviews.techradar.com

(Via Ars Technica)

Originally posted at The Download Blog
Topics:
Vulnerabilities and attacks,
News
Tags:
Antivirus XP 2008,
virus,
malware,
Trojan,
howto-security,
Anti-Virus-1,
Antivirus2010,
Malwarebytes' Anti-Malware
Share:
Digg
Del.icio.us
Reddit
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

Most Discussed



advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET