Matt Berry's  Instablog

[Note: This blog is an offshoot of a larger story: Qihoo 360 Accused of Faking a Microsoft Patch. ]

A Disinformation war between Kingsoft and Qihoo 360?

08/05/2012 (see 08/04/2012 update at end of blog)

CEO of Kingsoft responding to what I'm calling "cloned smears" (See 08/03/2012 entry below):

"The face of this "Gold Mountain defender patch" incident, Fu Sheng, CEO of Kingsoft Internet microblogging statement said: "In fact, Microsoft does have an IE6 upgrade IE8 plans, including 360 invited, Jinshan, including the number of partners to participate. only Jinshan honestly help Microsoft to upgrade to ie6 ie8, 360 but by the opportunity to trick users to install the browser 360. 360 things brought to light after the crazy dirty water splashed to Jinshan. " http://bit.ly/QDevI6

08/03/2012

As if the issue were not confusing enough, articles today emerge accusing Kingsoft of virtually the same abuse, and using pretty much the same language as found in the charges leveled against Qihoo. (The link I had placed here no longer points to the same article.)

It is almost comical how identical the accusations are. Search for ""补丁门"又有最新进展，或许是迫于舆论指责和微软的压力" and both Qihoo and Kingsoft accusations emerge next to each other. Just change the name and the patch code and its a "story"!

(click to enlarge)

You can see the above here in a Google search. For a google translation try it in this Baidu search, here.

So far a news search of the above string ( ""补丁门"又有最新进展，或许是迫于舆论指责和微软的压力" ) in Google will yield the accusation against Kingsoft, but news searches in Baidu only yield those accusations laid against Qihoo.

General searches (outside of the news) on both engines yielded results for both.

Here is the text comparing two articles, one accusing Kingsoft and the other accusing Qihoo (run through the Google translator).

Here's another "cloned smear." I got this through the news.google.com search "黑色收入占九成", which google translates as "black income accounted for 90% of the):

(click to enlarge)

08/04/2012

Didn't get very far on this one, but a blogger in China made a nice observation, which I looked into and upon which I will elaborate:

1.The fake patch attributed to Kingsoft had a 2009 date next to it. Qihoo's has 2012.

2. The patch attributed to Qihoo took on a unique code. The one attributed to Kingsoft was identical to a patch independently attributed to Microsoft (see link below).

3. Bloggers and the CEO of Kingssoft have said that Qihoo's patch installed its own browser, while Kingsoft's patch really did update the Internet Explorer.

4. The official KB660001 patch was available before either Kingsoft's security guards existed or the new browser existed. As you can see a patch with the same code/name was offered independently in 2010, with a 2009 date next to the download:here. The URL found on that page still worksdownload.microsoft.com/download/1/6/1/16.... However, I was not able to find KB660001 on Microsoft's official site.

This is not a slam-dunk, of course. The accusers can still say that it's possible that Kingsoft put malware under the guise of a 2009 IE8 SP Pack ... but why do that when, for example, they could have used a later update, such as the one available for Internet Explorer dated 2010? The pitch was, "your computer is in a high state of vulnerability" ... and then you want to fool them by offering a 3 year-old patch? If you're going to tell a lie, you are not limited to what's available. You can make up anything you want. In contrast, the patch attributed to Qihoo had a July 2012 date next to it.

Although not conclusive, here's some source material:

(click to enlarge)

Disclosure: I am short QIHU.