A Latvian man has been sentenced to 14 years behind bars for helping to run notorious Counter Anti-Virus (CAV) service Scan4You.
Ruslans Bondars, 38, was convicted back in May of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting.
A second man, Russian Jurijs Martisevs, pleaded guilty in March 2018 to offenses related to the CAV service.
Bondars is said to have operated Scan4You from at least 2009 until 2016. The platform allowed would-be hackers to test their malware against over 30 AV engines without notifying the AV vendors themselves, to help improve their chances of success.
The site is said to have had thousands of users and was indirectly responsible for the development and deployment of malware such as “Citadel” which infected over 11 million computers worldwide, and resulted in over $500 million in fraud-related losses.
Another strain of malware tested on the site was used to steal around 40m credit and debit card numbers and 70m pieces of PII from an unnamed retail store operator which lost over $290m as a result. The numbers tally with those related to an infamous 2013 breach at US retailer Target.
Security vendor Trend Micro was instrumental in helping the Feds get their man. Its recent report, The Rise and Fall of Scan4You, reveals how the vendor first caught wind of Scan4You.
It began in 2012, when Trend Micro researchers were investigating a private exploit kit called g01pack. Unusually, minutes before the exploits were used in the wild, IP addresses in Latvia checked the security vendor’s web reputation system to see if it was blocking the URLs hosting the exploits.
On further investigation, Trend Micro found that the same Latvian IP addresses were checking not only g01pack exploit URLs but many others. After handing over its findings to law enforcers in 2014 a further three-years of painstaking work followed before the individuals were identified and arrested.
Earlier this year, a UK investigation between the National Crime Agency and Trend Micro resulted in a guilty plea from the operator of a CAV site called reFUD.me site, which effectively resold Scan4You’s service.