Start-up security firm Anvisoft was founded by a former Chinese hacker.
Forum users made the discovery when questioning the legitimacy of the anti-virus vendor, security blogger Brian Krebs said.
“Anvisoft had already been whitelisted by several other anti-virus and security products, but the discussion thread on Malwarebytes about who was running this company was inconclusive, prompting me to dig deeper,” Krebs said.
Anvisoft was based in Chengdu, China, and Krebs found three other domains hosted at the same IP address that were originally registered to ‘wth rose’, whom he linked to the infamous Chinese hacker ‘Wicked Rose’ (a.k.a. ‘Withered Rose’), real name Tan Dailin.
“In 2007, VeriSign's iDefense released a report on Rose's hacking exploits, which detailed his alleged role as the leader of a state-sponsored, four-man hacking team called NCPH (short for Network Crack Program Hacker).
“According to iDefense, in 2006 the group was responsible for crafting a rootkit that took advantage of a zero-day vulnerability in Microsoft Word, and was used in attacks on ‘a large DoD entity’ within the USA,” Krebs said.
He also found that one of Dailin's colleagues in NCPH — a hacker nicknamed ‘Rodag’ — had urged readers of his blog to download and install Anvisoft Smart Defender, calling it a “security aid from abroad” that offers “superior performance” and is “very simple and beautiful”.
“This may all be a strange coincidence or hoax. Anvisoft may in fact be a legitimate company, with a legitimate product; and for all I know, it is. But until it starts to answer some basic questions about who's running the company, this firm is going to have a tough time gaining any kind of credibility or market share.”
In response to requests from The Register, Anvisoft confirmed via a message from its official Facebook account that the report was accurate, simply stating: “Yes, it is true”.