According to Brian Krebs of the Krebs on Security newswire, over the last few weeks, some top fake AV promotion programs either disappeared or complained of difficulty in processing their card transactions.
"Fake AV brands such as Gagarincash, Gizmo, Nailcash, Best AV, Blacksoftware and Sevantivir.com either ceased operating or alerted affiliates that they may not be paid for current and future installations", he says in his latest security posting.
"On July 2, BestAV, one of the larger fake AV distribution networks, told affiliates that unforeseen circumstances had conspired to ruin the moneymaking program for everyone", he adds.
According to the missive sent to affiliates:
Dear advertisers: Last week was quite complicated. Well-known force majeure circumstances have led to significant sums of money hanging in the banks, or in processing, making it impossible to pay advertisers on time and in full.
The disruption, says Krebs, appears to be partially due to an international law enforcement push against the fake AV industry.
But, he adds, there may be another reason for the disruption: On June 23, Russian police arrested Pavel Vrublevsky, the co-founder of Russian online payment giant ChronoPay and a major player in the fake AV market.
As reported previously by Infosecurity, Vrublevsky was arrested for allegedly hiring a hacker to launch denial of service attacks against ChronoPay' rivals in the payments processing business.
Russian police have also raided ChronoPay's offices in Moscow, something which Krebs reports as giving police access to "mountains of evidence” that ChronoPay employees were running technical and customer support for a variety of fake AV programs, including MacDefender.
Group-IB, says the researcher, a Russian computer-forensics firm that has been assisting the police in their investigation of Vrublevsky, said that the arrester of the founder, and the raids on ChronoPay's offices signify the fact that the Russian agencies want to stop the laundering of money associated with selling counterfeit medicines and fake AV software.