Chronopay being tapped for scareware frauds says researcher

According to Brian Krebs, the former security correspondent for the Washington Post, if your Windows PC has been hijacked by fake anti-virus software anytime in the past few years, the chances are that the attack was made possible by Chronopay, Russia's largest processor of online payments.

"Tens of thousands of documents stolen and leaked last year from Chronopay offer a fascinating look into a company that has artfully cultivated and handsomely profited from the market for scareware", he says, adding that the e-payments service specialises in processing the transactions of so-called 'high-risk' industries.

These, he notes, include online pharmacies, tobacco sales, pornography and software sales.

Krebs asserts that a business is generally classified as high-risk when there is a great potential for credit card chargebacks and a fair chance that it will shut down or vanish without warning.

"In June 2009, The Washington Post published the results of a six-month investigation into Chronopay's high-risk business. At the time, Chronopay was one of a handful of processors for Pandora Software, the most prevalent brand of rogue software that was besieging consumers at the time", he said in his latest security blog.

"That story drew links between Chronopay and an entity called Innovagest2000, which was listed as the technical support contact in the end-user license agreements that shipped with nearly all Pandora rogue anti-virus products", he added.

Krebs says that, when he confronted Chronopay's CEO Pavel Vrublevsky in 2009 about the apparent ties between Innovagest and his company, Vrublevsky insisted that there was no connection, and that his company's processing services were merely being abused by scammers.

But, adds the security researcher, the recently leaked Chronopay documents paint a very different picture, showing that Innovagest2000 was but one example of a cookie-cutter operation that Chronopay has refined and repeated over the last 24 months.

"The documents show that Innovagest was a company founded by Chronopay's Spanish division, and that Chronopay paid for everything, from the cost of Innovagest's incorporation documents to the domain registration, virtual hosting and 1-800 technical and customer support lines for the company", he noted.

Judging from what Krebs reports after meeting Vrublevsky in Moscow recently, Infosecurity notes that the Chronopay CEO now seems to want to "have a go" at the market for legitimate anti-virus products.

"When I met with him in Moscow, Vrublevsky told me about company plans to create and sell its own anti-virus product: Chronopay Antivirus", he said.

"At first I didn't know whether to take him seriously. But then I found a document in the [document] cache that confirmed this claim. A Russian-language document called Chronopay Antivirus Vision dated June 15, 2010, details the company’s ambitions in this market", he added.

Given Chronopay's track record, however, Infosecurity suspects that computer users will not be flocking to install Chronopay AV on their systems. But then, of course, we could be mistaken.

 
