Operator of counter-antivirus service Scan4You prosecuted

The service was designed for malware developers seeking to circumvent antivirus products.
Written by Charlie Osborne, Contributing Writer

The operator of Scan4You, an online counter-antivirus service, has been charged and convicted by US prosecutors.

On Thursday, the US Department of Justice (DoJ) said in a statement that Ruslans Bondars has been convicted after a five-day jury trial.

The 37-year-old Latvian "non-citizen" (a status meaning a citizen of the former USSR), who has been living in Riga, the capital of Latvia, was charged on one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting.

The charges relate to Scan4You, an online service dedicated to cybercriminals and malware developers.

The service could be used to check whether a variety of antivirus products would detect a given piece of malicious code, which is invaluable for malware developers to know before they release their creations into the wild.

Bondars operated the service from 2009 to at least 2016 and offered Scan4You to hackers in return for a fee.

Scan4You could be used to check a minimum of 35 commercial antivirus engines.

One customer used the service to test malware that was then released to cause chaos for US retailers. The result was the theft of roughly 40 million credit and debit card numbers, 70 million addresses, phone numbers, and other personally identifiable information (PII) from customers.

(Although law enforcement did not name the retailer in question, it is possible that Target was the victim, based on the amount of data stolen.)

In addition to this incident, another Scan4You customer apparently used the service while developing Citadel, which at its peak, infected approximately 11 million PCs in order to steal valuable financial information and account credentials.

Law enforcement says that Citadel has caused over $500 million in fraud-related losses.

"The Citadel developer took advantage of a special feature of Scan4you that allowed its integration directly into the Citadel malware toolkit through an [...] API," prosecutors added. "The API tool allowed Scan4you users the flexibility to scan malware without the need to directly submit the malware to Scan4you's website."

Comparisons may be drawn between Scan4You and legitimate services such as VirusTotal, but there are also a number of key differences.

Scan4You was specifically marketed towards cybercriminals and was advertised in the more nefarious recesses of the Internet.

In addition, the service allowed users to upload their files anonymously and without sharing any data with the cybersecurity community.

Trend Micro assisted with the operation. According to the cybersecurity firm, Scan4You gained the "hard-won trust of countless black hats," and the service was one of the most prolific antivirus engine checkers available.

In 2012, a private exploit pack was found checking Trend Micro's web reputation system for blocked URLs, and this led to a five-year investigation and the prosecution of Bondars, alongside another administrator.

"We've not seen a sizeable spike in users of rival services such as VirusCheckMate, so it looks like the investigation has had a real impact on the cybercrime underground," the researchers say.

Sentencing is scheduled for 21 September 2018.

"Bondars helped hackers test and improve the malware they then used to inflict hundreds of millions of dollars in losses on American companies and consumers," said Acting Assistant Attorney General Cronan of the DoJ's Criminal Division. "Today's verdict should serve as a warning to those who aid and abet criminal hackers: the Criminal Division and our law enforcement partners consider you to be just as culpable as the hackers whose crimes you enable."
