Two arrested for helping malware developers evade AV software

Two suspects have been arrested on suspicion of operating a website offering services to help criminals overcome and avoid anti malware software, following a joint investigation led by the National Crime Agency and Trend Micro.

The suspect’s website – reFUD.me – provided a number of functions, both free and for charge, which allowed malware developers to scan their illegal files. They would then learn whether or not they could successfully infect victims’ computers by circumventing their malware protection.

If a piece of malware was detected, changes could be made by the developer to make the file Fully UnDetectable. Statistics on the website claim that more than 1.2 million scans have been conducted since February 2015.

Crypter services were also offered, allowing malware files to be packaged and disguised using encryption. Cryptex Reborn, the form of crypting available on the forum, is among the most sophisticated developed in recent years.

Malware developers could purchase a licence to download and use the product to encrypt their files – charges ranging from $20 per month to $90 for lifetime usage.

“This ongoing investigation shows how the NCA is taking its work with industry to combat cybercrime to the next level,” said Steve Laval, from the NCA’s National Cyber Crime Unit. “Although the website offered services designed to help circumvent anti-virus software, computer users can protect themselves from most malware threats by taking some simple precautions,” said Laval. “The NCA urges all internet users to ensure they have up to date anti-virus software installed on their machines and to avoid clicking on unknown or suspicious links or email attachments.”

A Memorandum of Understanding (MOU) was agreed between the National Crime Agency and Trend Micro in July 2015, marking a significant step forward in cooperation between the two parties in understanding and combating cybercrime. The agreement will see the formation of a cross-organisation virtual team, which will seek to identify innovative ways of tackling specific cybercrime threats.

“This investigation is the result of Trend Micro’s collaboration with the NCA and other partners to tackle some of the core components that enable cybercriminal business models to exist,” said Martin Rösler, senior director of threat research, Trend Micro. “Helping to take down operations such as this is part of our ongoing effort to keep the world safe for exchanging digital information, for both our customers and the Internet at large.”