Hacker gets a whopping 14 years in prison for running Scan4You service

Ruslan Bondars ran a "VirusTotal-for-crooks" operation from 2009 to 2017.
Written by Catalin Cimpanu, Contributor

Ruslan Bondars, a 37-year-old man from Latvia, was sentenced to a whopping 14 years in prison for facilitating cybercrime by creating and running a service named Scan4You that allowed malware authors to check the detection rates of their malicious code.

In the infosec industry, Scan4You is what security researchers and malware authors refer to as a "counter-anti-virus" or a "no-distribute-scanner."

Scan4You works similarly to Google's legitimate VirusTotal web service, in that it aggregates scan engines from multiple antivirus vendors and allows a user to check files against multiple antivirus programs at the same time. The only difference is that Scan4You does not allow the antivirus engines to report results back to vendors, keeping malware detections only for itself.

Malware authors have been using services like Scan4You for years as a way to test malware before they launch it into real-world campaigns, fine-tuning their code to avoid detections.

According to a Trend Micro report published earlier this year, Bondars set up Scan4You on this model in 2009, and it quickly became the most popular service on the market.


Scan4You was the most popular no-distribute scanner, according to Trend Micro

The cyber-security firm says that when running Scan4You, Bondars made the same mistake that all malware authors have made in the past years when configuring their no-distribute scanners.

While Bondars blocked antivirus engines from reporting back file scans, around 2012, he and many other operators forgot to block reporting of URL scans from the Trend Micro engine.

Trend Micro says that for almost five years, it received URL reputation scan queries from services like Scan4You and many others, data that helped the company detect malware distribution campaigns before they even got off the ground.

As more data piled up, Trend Micro says it shared some of these findings with the FBI and other law enforcement agencies. Even before Bondars' arrest, UK authorities arrested and sentenced to prison a man running a similar service called reFUD.me.

Bondars, too, was eventually arrested in May 2017, together with his co-conspirator, Jurijs Martisevs. The two were arrested in Riga, Latvia, and extradited to the US to face charges for running Scan4You.

According to court documents, Scan4You was hosted on Amazon Web Services servers, and malware authors had to pay to get full access to the scanner's features. Martisevs used a PayPal account in his name to process payments, which made it easier for authorities to track down the two.

US authorities say Bondars was in charge of the scanner's technical infrastructure, while Martisevs provided customer support via ICQ, Skype, Jabber, or email.

All the extensive info authorities gathered about Bondars led to a speedy five-day trial in May 2018, after which a jury found Bondars guilty.

The Latvian hacker was sentenced this Friday, September 21, to 14 years in prison, according to a copy of the sentence obtained by ZDNet.

But while US authorities sentenced Bondars for his years operating Scan4You, Trend Micro says the hacker was also behind many other criminal activities.

The company says that Bondars had been an active member of the cyber-crime community since 2006, when he started as a member of Eva Pharmacy, one of the largest and oldest pharmaceutical spam gangs at the time.

Besides distributing spam messages peddling illegal prescription drugs, Trend Micro says Bondars also helped distribute the SpyEye and ZeuS banking trojans before finding his niche in the end by running Scan4You.
