Court Convicts Scan4You Mastermind

Trend Micro has released details on how a three-year collaborative investigation with the FBI resulted in the eventual conviction of the two men behind a prolific counter anti-virus (CAV) service.

Russian hacker Jurijs Martisevs pleaded guilty in March 2018, while Latvian resident and former Russian citizen Ruslans Bondars was convicted this week, after a five-day jury trial, of conspiracy to violate the Computer Fraud and Abuse Act, conspiracy to commit wire fraud, and computer intrusion with intent to cause damage and aiding and abetting.

From at least 2009 to 2016 the two are said to have operated the Scan4You site, which helped cyber-criminals test their wares against over 30 AV engines, giving attacks a greater chance of success.

In 2012, Trend Micro noticed some unusual activity while researching a private exploit kit called g01pack. Minutes before the exploits were used in the wild, IP addresses in Latvia checked the security vendor’s web reputation system to see if it blocked the URLs hosting the exploits.

After investigating further, the vendor said it noticed that those IP addresses were not only checking g01pack’s exploit URLs but many others.

According to a new report, The Rise and Fall of Scan4You, Trend Micro handed over its findings to law enforcers in 2014 and the two were finally arrested after a painstaking three-year investigation.

“In this case our global threat intelligence network and team of researchers proved an invaluable resource for the FBI as it honed in on this notorious CAV service,” said chief cybersecurity officer Ed Cabrera. “This is a big blow to cybercrime, helping to disrupt countless threat actors and prove there are consequences to their actions. We stand shoulder to shoulder with law enforcement in our efforts to secure the connected world.”

Scan4You had a huge impact on the cybercrime industry, according to the Department of Justice.

It claimed a single customer of the service tested malware subsequently used to steal 40 million credit and debit card numbers, 70 million addresses, phone numbers and other pieces of PII, costing one retailer over $290 million in losses.

The convictions come after another Trend Micro collaboration, this time with the UK’s National Crime Agency (NCA), resulted in the guilty plea earlier this year of a man who ran the reFUD.me site, ironically a de facto reseller of the Scan4You service.