Start-up security firm Anvisoft was founded by a former Chinese hacker.
Security blogger Brian Krebs came across the company when users of a forum were determining whether this was a legitimate anti-virus vendor.
Krebs said: “Anvisoft had already been whitelisted by several other anti-virus and security products, but the discussion thread on Malwarebytes about who was running this company was inconclusive, prompting me to dig deeper.”
According to Krebs, it was difficult to establish where the company was based, with numerous locations suggested, including Toronto and Fremont, California; eventually, however, he found that Anvisoft was based in Chengdu, a city in the Sichuan Province of China.
After looking up the internet address and running reverse DNS look-ups, Krebs found that three other domains hosted at that IP address were originally registered to ‘wth rose’, whom he linked to the infamous Chinese hacker ‘Wicked Rose’ (a.k.a. ‘Withered Rose’), real name Tan Dailin.
“In 2007, VeriSign's iDefense released a report on Rose's hacking exploits, which detailed his alleged role as the leader of a state-sponsored, four-man hacking team called NCPH (short for Network Crack Program Hacker). According to iDefense, in 2006 the group was responsible for crafting a rootkit that took advantage of a zero-day vulnerability in Microsoft Word, and was used in attacks on ‘a large DoD entity’ within the USA,” Krebs said.
He also found that one of Dailin's colleagues in NCPH — a hacker nicknamed ‘Rodag’ — had urged readers of his blog to download and install Anvisoft Smart Defender, calling it a “security aid from abroad” that offers “superior performance” and is “very simple and beautiful”.
Krebs said: “This may all be a strange coincidence or hoax. Anvisoft may in fact be a legitimate company, with a legitimate product; and for all I know, it is. But until it starts to answer some basic questions about who's running the company, this firm is going to have a tough time gaining any kind of credibility or market share.”
In response to requests from The Register, Anvisoft confirmed via a message from its official Facebook account that the report was accurate, simply stating: “Yes, it is true”.