Declaration from IObit

[Krissy]

In response to recent rumors, we would like to release the asseveration as follows:

 

1. We have never used or copied the database of any other company.

Our database mainly comes from the online submission source: http://db.iobit.com/deal/sdsubmit/index.php

We also have various sources of malware samples from warm-hearted users, computer security communities, and major security groups from all over the world. We have to admit that it’s hard to avoid mistakes, like some silly or duplicated malware names. But there is in no way meaning that we steal any other vendor’s database.

 

2. Until now, there is NO any convincing proof to show Malwarebytes' fallacy. We ask Malwarebytes immediately stop spreading malicious rumors for hyping itself by IObit. We have many independent and objective reviewing tests and reports from 3rd parties. Any one can download and view them from this link: http://forums.iobit.com/forumdisplay.php?f=25. Or any one can perform a comparing test to see which anti-malware is superior. By its own database and advanced detection technology, IObit Security 360 scans faster, detects and removes more malware than any other anti-malware vendors, including Malwarebytes. Why a superior vendor need steal database from a lower-class one?

 

3. For the sake of avoiding disputes and possible problems in malware naming, we have deleted all disputed items in our database temporarily and updated IObit Security 360’s database. We apologize for any inconvenience. However, currently we have become the victim of rumors and tricks. All these rumors have caused fatal and serious effect to our good name and reputation. We will greatly appreciate if you - our valued friends could help us clarify the truth: Tell the truth to the people who are confused by these dangerous rumors; Post the truth on the forums or blogs where the rumors are spread.

 

4. In consideration of Malwarebytes’ fallacy and calumniation, and its terrible effect to our company, products and reputation, we hereby demand that Malwarebytes immediately discontinue spreading all rumors regarding this issue. Otherwise we will consider all appropriate action to protect our legal rights.

 

Thanks for the always and great support for IObit.

 

The 1st Technical Analysis Report

 

After carefully tracing and investigating the history of IObit’s database, we find that someone used the submission page which is disabled now (http://db.iobit.com/deal/sdsubmit/index.php) to submit malware samples with the same names from Malwarebytes. Due to the flaws of our old sample analyzing system and database management, some silly or duplicated malware names passed through the verification. This mistake can be understood because it is very normal - Many enthusiastic IObit users find there are samples missed by IObit Security 360 but detected by other anti-malware products, then they would submit these samples to us and provide names defined by other anti-malware vendors.

 

Let’s take a look and analyze the accusation from Malwarebytes.

 

a) They said we used the sample with the same name as “Don’t.Steal.Our.Software.A.” defined by them. Actually, this is a mistake that one of our analyzer carelessly and directly used the sample “Don’t.Steal.Our.Software.A.” submitted by a user.

Dont.Steal.Our.Software.A, File, G:\Nothing Much\Anti-Spyware\Malwarebytes’ Anti-Malware v1.39\Key_Generator.exe, 9-30501

“Key_Generator.exe” is an existing malware to crack Malwarebytes products. In order to avoid the confusion, now we define such keygens and keygens for IObit products as “Trojan.Gen”to distinguish the same names from Malwarebytes.

 

b) Malwarebytes also made a trap: They made up fake malware of “dummy.exe”, “rogue.exe”, “fake.exe” to trap us. But the truth tells - It’s very ridiculous and has a wrong logic. There are hundreds of malware coming up everyday and many malware have very similar or even the same “signature code”. We did catch malware, by DOG heuristic engine, with the same “signature code” of the “made-by-malwarebytes” programs.

For example, rogue.exe has the same signature code with the malware “NOTSURE.dll” (VirusTotal: http://www.virustotal.com/analisis/ecdf9edc78116f633d3d26e20c3bb4931cdcaadeb39d5ec8bfce05953f46b022-1257255852). “NOTSURE.dll” was submitted by someone called “KXX” and described as “Rogue.AVCleanSweepPro” detected by Malwarebytes. Our analyzer carelessly used it with the same name. Now this kind of malware is renamed as “Heuristic.newTrojan” in IObit Securoty 360. (See pictures attached)

 

Conclusions:

1) No real proof shows that IObit cracked and stole database of any other vendors. In fact, IObit Security 360 has a faster and more abundant database than most other vendors.

2) There are holes and problems in IObit malware submission procedure and database management. We will fixed the problems and improve our work and our products ASAP.

[Krissy]

Let's Share our Testers' Result

 

The tests of detection rate are from our users.

[Tim Xue]

As a new face in anti spyawre market, we have many various sources of malware samples from warm-hearted users, computer security fans, and major security groups from all over the world.

 

We built honeypot, FTP server to collect malware samples all over the world. I took many screenshot to show how we keep samples everyday. We have a large team to collect and analyze lots of samples everyday, if we steal their database, why our staffs are working hard everyday to analyze tuns of samples? We cannot let everyone access the malware and virus samples from our FTP server, but you can check the screenshot I took.

 

Also as a new face, we have some open submit channel like this page, http://db.iobit.com/deal/sdsubmit/index.php, everyone can submit samples here, write description for the sample submitted. I admit that maybe some of our staff didn't do enough test and put the data into our database, so there is the mistake. I don't know who submitted those wrong sample, but we will try our best to find it out.

 

Also, you can see that the dabase size are much different, ours is 4.6MB their database is 3.1MB, and they said we steal database from many vendor, please tell me who they are and why we need so many people collect and analyze the sample?

 

Also Malwarebytes CEO wrote to us before for asking us stopping our open tests but we denied. He told us that he would take some action and we did not imagine that he did such a thing: calling malwarebytes users bury IObit and IObit products (not only IObit Security 360).