Malwarebytes is accusing China-based computer security firm IObit of intellectual property theft, but IObit denied the allegations and said there were problems with its malware submission site.
Malwarebytes claims IObit stole from its database of signatures of malicious applications that its software uses for detecting malware on customer computers.
Malwarebytes discovered that IObit's Security 360 free anti-malware software was flagging a specific key generator piece of code for Malwarebytes' Anti-Malware software and using the same naming scheme, which includes the phrase "Don't Steal Our Software," according to a blog post on the Malwarebytes.org site.
This screen shot shows IObit's product uses the same naming scheme as Malwarebytes.org. (Credit: Malwarebytes.org)
After finding additional evidence, Malwarebytes conducted a test and added fake definitions for a fake rogue application to its database of malware. Within two weeks, IObit was detecting the fake files and using "almost exactly" the fake names, Malwarebytes said.
"We soon became convinced that this was not a mistake, it was not a coincidence, it was not an isolated event, and it persisted presently in their current database," the blog post says. "They are using both our database and our database format exactly."
Malwarebytes, which said it uncovered evidence that IObit may have stolen proprietary databases of other security vendors as well, said it plans to pursue legal action against IObit.
IObit denied the allegations, saying it was a "mistake," and accused Malwarebytes of spreading "malicious rumors." IObit said it would soon release a legal letter and an explanation of the technical aspects that prove its case. In the meantime, IObit temporarily deleted all disputed items in its database to avoid "dispute and possible problems" and disabled its malware submission page, the company said in a blog post.
Basically, someone submitted samples with the name used by another vendor, the post says.
"Unfortunately, IObit database analyzer carelessly used the names provided by the submission. This mistake can be understood because it is very normal--Many enthusiastic IObit users find there are samples missed by IObit Security 360 but detected by other anti-malware products, then they would submit these samples to us and provide names defined by other anti-malware vendors."
"There are holes and problems with IObit malware submission procedure and database management," the post concluded.
Malwarebytes found that IObit's product detected the fake malware Malwarebytes put in its database as a test. (Credit: Malwarebytes.org)
Our family PC gets quite a workout. It's a five-year-old machine that runs Windows XP and is used primarily by my daughter and teenage grandson for instant messaging, e-mail, social networking, and downloading audio and video files. Since I rarely use the system, I didn't notice that its antivirus subscription had expired.
Which explains why I was a bit surprised when my grandson called when I was out of town to tell me that the PC was acting strangely. Ads appeared on the desktop as soon as Windows started and Firefox and other programs would occasionally close without warning or fail to open at all.
I immediately suspected a virus and instructed my grandson to perform a virus scan. Unfortunately, the machine's antivirus app had gone AWOL. I talked him through the process of using System Restore to revert the PC to an earlier time. This improved matters somewhat, but the system continued to act flaky.
When I returned from the trip, I started the troublesome machine and attempted to open the Microsoft Update site to make sure its copy of XP was up-to-date. But the malware had managed to disable several Windows services intermittently, including Services.msc, so Internet Explorer would shut down repeatedly.
At this point, I was seriously considering a hard-disk reformat and XP reinstall. I even had the XP installation CD in the drive and was ready to begin the process. But even though my daughter and grandson assured me that they had backup copies of all their personal files, I decided to try one more time to salvage the existing setup.
I'm very glad I did, because it turns out there were lots of vacation and holiday images and videos on the machine that hadn't been backed up. First, I installed a free copy of Malwarebytes' Anti-Malware antivirus program on the infected PC, updated the app's virus definitions, and ran a complete scan.
The initial Malwarebytes Anti-Malware scan detected 104 separate infected files and folders. (Credit: Malwarebytes)
That first scan turned up a mere 104 infected files and folders. Here's a list of the nasties the machine had picked up:
• Trojan.Vundo
• Trojan.Vundo.H
• Trojan.FakeAlert
• Rogue.Installer
• Trojan.Downloader
• Trojan.Dropper
• Trojan.Agent
• Worm.KoobFace
• Rogue.AdvancedVirusRemover
• Rogue.SystemSecurity
• Adware.BHO
• Rootkit.Agent
• Spyware.Agent
• Trojan.BHO
• Hijack.LSP
• Rogue.Multiple
• Disabled.Security
After viewing the report, I rebooted the PC and ran another malware scan. This time, Malwarebytes' app found only nine infected files.
The second Malwarebytes Anti-Malware scan detected only nine infected items. (Credit: Malwarebytes)
I rebooted once more and ran yet another scan, which indicated that the PC came up clean.
The third Malwarebytes Anti-Malware scan indicated that all viruses and other malware had been removed from the infected PC. (Credit: Malwarebytes)
Once I was assured that the PC was malware-free, I revisited the Microsoft Update site to download and install all the XP security patches the machine required. Then I sprang for the $25 version of Anti-Malware to get the program's real-time virus scanning and automatic updates.
I knew all attempts to alter the user behavior that led to the infections would be futile, so instead, I instructed my daughter and grandson to run Malwarebytes' scanner each time they start the system and just before each shutdown. That was a little over two weeks ago, and so far, the PC remains free of infection. Still, you can bet I'll be paying much closer attention to that machine from now on.
If you are using a Windows machine or even a Mac running Windows in a virtual environment, you need to pay attention to security. At the very least, you should always have at least one program for each of the major security threats: antispyware, antivirus, and a software firewall (if you don't already have a router-based firewall). Some antivirus suites have begun to include antispyware in their software, so if you have antivirus software, check to make sure you're covered. But if you're reading this and you don't have software to cover these three areas, we strongly suggest you visit our Download Security Center and browse through each of the categories.
To get you started, we've rounded up the top free antispyware software options. Most of these programs offer a paid upgrade with added useful features, but we made sure to only pick software that followed through and removed spyware without the need to buy during the initial trial. It's important to note that each of these programs has its own set of algorithms and different times they update their definitions, so we recommend using two antispyware programs to make sure you catch everything.
Spybot Search & Destroy was one of the first antispyware options available and it still is a fairly strong contender for finding threats. Other useful tools, including Secure Shredder, complement the program's basic functionality for completely destroying files. The interface is pretty dated, but with all the added extras of this 100% free program, it's worth a look.
Ad-Aware Anniversary Edition has been in the antispyware game for a long time as well. They have always been close to the top of our list for antispyware detection, but you'll need to pay for added features like scheduling and shield-based protection. With several interface refinements, faster scanning times than previous versions, and numerous other enhancements, this might be the easiest-to-use Ad-Aware yet.
Spyware Terminator is a free option that offers an easy-to-understand interface and lets you schedule your scans for the time most convenient for you. The real-time protection for this program is stronger than most, but can get distracting as you'll need to personally approve many actions. Fortunately, you can designate a lower level of protection to keep you safe without all the hand-holding. This is one of our favorites at Download.com for its relatively quick scan times, free real-time protection, and the ability to designate how deep of a scan you want to use.
CounterSpy makes it simple to schedule and customize spyware scans or run scans on demand, while also offering an adjustable level of real-time protection. Added features like a PC Explorer to browse running ActiveX controls and running processes are useful additions. This one offers a 15-day trial with which you'll be able to remove threats found by CounterSpy, but you'll need to pay to use this program regularly.
SuperAntiSpyware Free Edition, despite its rather uninventive name, is a solid antispyware program. This program offers a number of options for the types of files you want scanned. Like many of the programs listed here, you'll need to pay for the full version of SuperAntiSpyware to unlock the ability to schedule your scans and use real-time protection.
Malwarebytes is our Editors' Choice at Download.com so we recommend it as one of your choices in your antispyware arsenal. Scans are quicker than other programs in this category, and Malwarebytes is often able to distinguish between real threats and common false positives. You'll also be able to scan individual files on demand and a handy File Assassin lets you delete locked malware files. You'll need to pay to set up regularly scheduled scans and real-time protection, but with this solid program, registering is worth your money.
Last week, BleepingComputer.com reported on how to remove a new variant of an old scareware. This new nasty, known most commonly as Antivirus2010 or Anti-Virus-1, points you to spoofed versions of Download.com, ZDNet, PCMag.com, and other software sites, demanding that you download their program to clean your computer. Of course, it does nothing of the sort, merely perpetuating the infection.
Antivirus2010, Anti-Virus-1, and other variants of the AntivirusXP infection have never been hosted on Download.com. (Credit: Seth Rosenblatt/CNET Networks)
However, the manner and methods Anti-Virus-1 uses to get you there are extremely clever. The infection part of the malware does whatever it's been designed to do, so you can see that you've been infected with malware. What you don't realize at this point is that it's hacked your hosts file, too, so that when you go to a software site you don't ever make it to the site you're trying to get to.
You wind up on a skinned Web site that looks like the site you're expecting, but isn't. With the Download.com spoof, you can see that they're using our old design, which CNET abandoned last summer. Clicking on any link besides the download button will take you to the same page that the legitimate site would've taken you to. Hit the download button, though, and you get their fake malware remover, which in fact does the opposite, perpetuating the infection.
Removing the infection is tricky because of the differences between the variants. Some people have complained that they get locked out of their Task Manager, for example, but not all reports include that complaint. The fix that I cited for Antivirus XP 2008 may work, but users who have Windows XP Home Edition don't have a gpedit.msc. Home Edition users will have to edit their Registry directly.
Malwarebytes' Anti-Malware has proven to be one of the few malware killers that can effectively remove Antivirus XP 2008 and its variants, and it should work against the latest ones, too. The First Look video of Malwarebytes' Anti-Malware on the right will help you get started with the program.
Keep in mind that there is no substitute for cautious browsing. Don't install every Facebook app that comes your way, don't click on ads on unfamiliar sites or sites that are known vectors for attacks, and don't install software from anybody that's not a vouchsafed source.
I've pasted below the entire list from BleepingComputer of changes to your hosts file for your edification. Be warned that it may change as variants are developed.
(Via Ars Technica)
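The hosts-file redirection described in this article can be checked for mechanically. The following is an added example, not code from CNET, BleepingComputer or Malwarebytes: it parses plain hosts-file lines and HijackThis-style `O1 - Hosts:` lines and reports watched software-site names pinned to a non-loopback address. The watchlist, the function names and the sample data (documentation-range IP addresses) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Sites the article names as spoofed; extend for your own environment (assumption).
WATCHLIST = ("download.com", "zdnet.com", "pcmag.com")

# Constructed sample: hosts-file lines mixed with HijackThis "O1 - Hosts:" lines.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation-only address ranges.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.download.com download.com
O1 - Hosts: 203.0.113.10 www.pcmag.com
O1 - Hosts: 203.0.113.10 www.zdnet.com   # trailing comment
0.0.0.0         ads.tracker.example
10.0.0.5        fileserver.corp.example
198.51.100.7    mydownload.com
not-an-ip       broken.example
"""

O1_PREFIX = re.compile(r"^O1 - Hosts:\s*", re.IGNORECASE)


def parse_entries(text):
    """Yield (ip, hostname) pairs, tolerating comments and HijackThis prefixes."""
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field; not a usable mapping
        for host in fields[1:]:
            yield ip, host.lower().rstrip(".")


def audit_hosts(text, watchlist=WATCHLIST):
    """Return {ip: [hostnames]} for watched names pinned to a real address."""
    findings = defaultdict(list)
    for ip, host in parse_entries(text):
        # Loopback and 0.0.0.0 entries are the usual ad-blocking idiom, not a redirect.
        if ip.is_loopback or ip.is_unspecified:
            continue
        # Match the domain itself or a true subdomain, never a lookalike suffix.
        if any(host == d or host.endswith("." + d) for d in watchlist):
            findings[str(ip)].append(host)
    return dict(findings)


if __name__ == "__main__":
    for ip, hosts in audit_hosts(SAMPLE).items():
        print(f"{ip}: {len(hosts)} watched name(s) redirected -> {', '.join(hosts)}")
```

Several unrelated sites resolving to one address, as in the sample, is the pattern to look for; any hit on a watched name warrants restoring the hosts file from a known-good copy after the infection is removed.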
Easy on your RAM and able to complete a Quick Scan in around 8 minutes, Malwarebytes' Anti-Malware wouldn't be as impressive if it didn't do its job well. Fortunately, it does.
The app has some nice features, too. It supports multiple- and networked-drive scanning, context menu options, including a scan-on-demand for individual files, and a FileAssassin for killing locked files.
Malwarebytes Anti-Malware is a surprisingly effective antimalware tool. And, for what it's worth, it's mighty popular. It's a relatively speedy malware remover, with the quick scan taking about 10 minutes. The heuristics engine proved on multiple computers during empirical testing that it was capable of determining the difference between false positives and dangerous apps.
The app has some nice features rolled in, too. It supports multiple drive scanning, context menu options including a scan-on-demand for individual files, and the FileAssassin option under the More Tools section for removing locked files. This can help remove malware files that are so insidious that you can't delete them merely by hitting the Delete key.
The interface is simple, but pleasant-looking and well-organized. Tabs live just below the oversized logo, with few options per tab to keep down the clutter. The installation process was fast enough, but interestingly offered up the well-kept changelog and an instant definition file update. Do note that the real-time protection is restricted to the paid version, as is the scheduler for updates and scans. Overall, though, Malwarebytes Anti-Malware is a responsive malware remover that does what it should with a minimum of fuss.
I just took a look at Malwarebytes Anti-Malware, and it's a worthwhile security application. Some users and reviewers even think it's the best free malicious-software-only engine out there, and it's true that it has a lot going for it.
The basic interface is uncluttered and easy to navigate. (Credit: Malwarebytes)
Surprisingly effective, it's a relatively speedy malicious software remover, with the quick scan taking about 10 minutes. The heuristics engine proved on multiple computers during empirical testing that it was capable of determining the difference between false positives and threatening dangers.
Notably, Malwarebytes was one of the few malicious software removal tools that proved useful to many people in removing the Antivirus XP 2008 spyware.
The application has some nice features rolled in, too. It supports multiple drive scanning, context menu options including a scan-on-demand for individual files, and the FileAssassin option under the More Tools section for removing locked files. Testing them engendered no problems. Single-serving size file testing saw the program load fast, although I wasn't able to test the FileAssassin because I lacked a locked file.
The interface is simple, but pleasant-looking and well organized. Tabs live just below the oversized logo, with few options per tab to keep down the clutter. The installation process was fast enough, even with an instant definition file update. It interestingly offered a well-maintained change log, which was informative if not overly useful.
Like many programs these days, the freeware version can be upgraded for a fee to include more features. In this case, the $24.95 price gets you a lifelong access code to turn on real-time protection and a scheduler for updates and scans. If Malwarebytes is used as a strong second to your rolled-into-one antivirus and malicious software removal engine such as Antivir or AVG, you probably won't miss much from the paid edition. Overall, Malwarebytes Anti-Malware is a responsive malicious software remover that does what it should with a minimum of fuss.
