Ruslan Bondars, a 37-year-old man from Latvia, was sentenced to a whopping 14 years in prison for facilitating cybercrime by creating and running a service named Scan4You, which allowed malware authors to check the detection rates of their malicious code.
In the infosec industry, Scan4You is what security researchers and malware authors refer to as a "counter-anti-virus" or a "no-distribute-scanner."
Scan4You worked similarly to Google's legitimate VirusTotal web service, in that it aggregated scan engines from multiple antivirus vendors and allowed a user to check files against multiple antivirus programs at the same time. The only difference is that Scan4You did not allow the antivirus engines to report results back to their vendors, keeping malware detections to itself.
Malware authors have been using services like Scan4You for years as a way to test malware before they launch it into real-world campaigns, fine-tuning their code to avoid detections.
According to a Trend Micro report published earlier this year, Bondars set up Scan4You on this model in 2009, and it quickly became the most popular service on the market.
The cyber-security firm says that when running Scan4You, Bondars made the same mistake that other malware authors had made in previous years when configuring their no-distribute scanners.
While Bondars blocked antivirus engines from reporting file scans back to vendors, around 2012 he and many other operators forgot to block the Trend Micro engine from reporting URL scans.
Trend Micro says that for almost five years, it received URL reputation scan queries from services like Scan4You and many others, data that helped the company detect malware distribution campaigns before they even got off the ground.
As more data piled up, Trend Micro says it shared some of these findings with the FBI and other law enforcement agencies. Even before Bondars' arrest, UK authorities arrested and sentenced to prison a man running a similar service called reFUD.me.
Bondars, too, was eventually arrested in May 2017, together with his co-conspirator, Jurijs Martisevs. The two were arrested in Riga, Latvia, and extradited to the US to face charges for running Scan4You.
According to court documents, Scan4You was hosted on Amazon Web Services servers, and malware authors had to pay to get full access to the scanner's features. Martisevs used a PayPal account in his name to process payments, which made it easier for authorities to track down the two.
US authorities say Bondars was in charge of the scanner's technical infrastructure, while Martisevs provided customer support via ICQ, Skype, Jabber, or email.
The extensive evidence authorities gathered about Bondars led to a speedy five-day trial in May 2018, after which a jury found Bondars guilty.
The Latvian hacker was sentenced this Friday, September 21, to 14 years in prison, according to a copy of the sentence obtained by ZDNet.
But while US authorities sentenced Bondars for his years operating Scan4You, Trend Micro says the hacker was also behind many other criminal activities.
The company says that Bondars had been an active member of the cyber-crime community since 2006 when he started as a member of Eva Pharmacy, one of the largest and oldest pharmaceutical spam gangs at the time.
Besides distributing spam messages peddling illegal prescription drugs, Trend Micro says Bondars also helped distribute the SpyEye and ZeuS banking trojans before eventually finding his niche running Scan4You.