14 years prison for man who helped hackers evade detection by anti-virus software

A US court has sentenced the creator of a notorious service that helped malware authors avoid detection by anti-virus software to 14 years in prison.

Ruslans Bondars, a 37-year-old Latvian citizen, was convicted earlier this year of conspiracy to violate computer crime laws, commit wire fraud, and computer intrusion with intent to cause damage.

Bondars (also known by his online nickname of “Borland”) worked in conjunction with co-conspirator Jurijs “Garrik” Martisevs on the notorious Scan4You website.

Scan4You allowed criminals – for a monthly fee – to upload their latest malware to receive a report on whether any of a wide range of anti-virus products would detect it as malicious.

The site, which had been in existence since at least 2009, perhaps gained its inspiration from the well known (and legitimate) website VirusTotal, which allows anybody to upload potentially malicious files for free.

The fundamental difference, however, is that VirusTotal shares uploaded samples with the security community, whereas Scan4You’s counter anti-virus (CAV) service promised its users complete anonymity.

The end result was that Scan4You increased the likelihood that a piece of malware could evade detection by security software, and infect an organisation’s network.

Although Scan4You was not the only counter anti-virus service operating on the web, it rapidly became the most popular amongst online criminals.

One of the most infamous pieces of malware which took advantage of Scan4You’s service was the Citadel malware, which was then used to steal tens of millions of customer credit card details from US retail giant Target.

Citadel is thought to have infected millions of computers worldwide, inflicting hundreds of millions of dollars worth of damage.

At the time of Bondars’s conviction, a Department of Justice press release went some way toward describing the sophistication of the Scan4You service:

“The Citadel developer took advantage of a special feature of Scan4You that allowed its integration directly into the Citadel malware toolkit through an Application Programming Interface, or API. The API tool allowed Scan4You users the flexibility to scan malware without the need to directly submit the malware to Scan4You’s website.”

In addition, the site advertised its service on online criminal forums, and offered technical support to its paying customers – typically delivered by Martisevs via email, ICQ, Jabber, and Skype.

The sky fell on Bondars and Martisevs in 2016, however, when their site was shut down, they were arrested by Latvian authorities, and they were then extradited to the United States of America.

Despite Bondars’s defence team arguing that there were legal uses for his Scan4You service, and that he could not be held responsible when customers used it for illegal purposes, US Judge Liam O’Grady was unsympathetic:

“There’s zero chance that you didn’t know the harm being done by the malware hackers used your service to perfect.”

Bondars, who has also been linked to pharmaceutical spam campaigns peddling illegal prescription drugs, and to assisting in the distribution of banking trojans, told the court that he felt “ashamed that some of the website users used it for such terrible things.”

He’ll have plenty of time to reflect on his actions and repent, as he now begins a 14 year prison sentence.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: