At one such as steal the virus database from Malwarebytes

How to create fast and least cost effective antivirus? Najrozsądniej will design the GUI and upchać to it the engine of another manufacturer (as it was done in very many products, e.g. in Charity Antivirus and in Polish FileMedic). What if we want to totally go after cost? We're careful not to steal the virus database and hoping that no one get into. If this can be? You can. And a great example of this is the last event which we present below.


Brazilian Elex, based in Sao Paulo decided not to worry about the licensing fees for the rights to the database of the well-known to all users in Poland software Malwarebytes Antimalware. It's almost the perfect solution often used as on-demand scanner-less as a home and the first line of computer protection-has been founded not by just any who-Martin Kleczyńskiego, which from 2008 year leads and directs the company's expansion, and supervises long-term vision for research and development.

What's going on ...

The whole affair is linked to the anti-malware software known commonly as Yet Another Cleaner or YAC.






According to Malwarebytes, the application of YAC, which is owned by Elex do Brasil Ltda Participacoes Technology Inc. based in Sao Paolo, illegally used the virus database Malwarebytes, which of course duly noted and ukrócono these practices. Not only that, in the end user license agreement the software YAC was record, which showed that YAC has benefited from viruses, Spyware Doctor, Malwarebytes Antimalware programs, STOPzilla, SpyHunter 4, SUPERAntiSpyware and Hitman Pro based Affiliate program.






At the moment it is not known how long sustained these practices. It is also not known whether YAC podkradało database. However, it is known that YAC managed to obtain certificates in the Checkmark testing, West Coast Labs and OPSWAT, however, remains a mystery, whether obtained Awards have been earned with the help of the database Malwarebytes did without them.

After the rope to thread

Employees of the Malwarebytes to make sure that YAC actually use their bases they decided to conduct a small investigation, from which it follows that:

  1. YAC is similar to the MBAM not only in appearance,
  2. Although the detection rate of YAC is much worse than the MABM, YAC virus nomenclature is in certain specific cases, almost identical to what MBAM.










Okay, but it still proves nothing. Is a different way to make sure that YAC illegally uses the MBAM. Employees labu created a special registry key HKLM\Software\ANV7845SFT, which was not malicious and was not related to any process that runs in the system. This is one of the many methods used by the staff of Malwarebytes to check whether someone illegally uses their virus database. As could be expected, the software has detected recognizing this key YAC harmful, which almost przesądzało about wine company of Sao Paulo.






As in life, to win the case in court, you must have clear evidence proving the guilt of the accused. For this purpose, uses another trick. Created a special program, which actually did nothing – only display the following message.






Signature of this program has been added to the virus database of MBAM (analysis of Virus Total) and updated the program YAC. It turned out that YAC illegally benefited from the company's virus database Malwarebytes. With such proof CEO Malwarebytes can sleep without worrying about the final result in the courtroom.

MKS vs. Arcabit


Marek Sell, photo by mks.com.pl

A similar practice that used the Brazilians took place already on our native land. When in the June 2004 year of his life he made after a long struggle with the disease mks_vira creator – Brands Sell there was a division of the company MKS. Hi crew was faithful to the previous "employer", and part of the left to formed the company ArcaBit. The problem is that the left is also the best programmers, who worked on the anti-virus mks_vir, m.in. Chief computer scientist Gregory Michalek, who currently holds the function of Director programmers in Arcabit SP. z o.o. so source code legally belonged to Arcabit, however, litigation in this case pulled today (probably from the same court, because there is no longer with whom and to fight), and yet we have the year 2015.

The trustee in bankruptcy, MKS SP. z o.o. in Warsaw sells free-hand property rights, consisting of:

-Logo of mks vir

-The right to use the Internet domain mks.com.pl

-Other components of the antivirus program.

Currently, the rights to the brand are owned by mks_vir Arcabit. Legendary program you tried to double back to life in the year 2010 and 2012, but (unfortunately) to no avail. Matthias Sell, son of mark Sella currently occupies the position of President in FileMedic SP. z o.o.


More about this dispute, we recommend reading in this order:

PS in the comments on the portal zaufanatrzeciastrona.pl the user signing as Gynvael Coldwind claims that he worked for at the time of the company's distribution Arcabit MKS and claims that the program illegally use online scanner MKS ArcaVir. When they recognized what was happening, a curious messages that are retrieved from the server ArcaVir to mks_vir: "mks_vir is so good because it uses database ArcaVir!". Delve into the topic on same source and in fact-this situation took place in the past.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.