Ruslans Bondars was convicted for designing and operating an infamous “online counter antivirus service” called Scan4you. The underground service let cybercriminals pay to anonymously test their malware against more than 35 antivirus engines, and then tweak the samples to avoid detection.
Scan4you ran from at least 2009 to May 2017, when the FBI finally shut it down and arrested 37-year-old Bondars and another suspect, Jurijs Martisevs, who were extradited to the US.
Prosecutors say that, at its height, Scan4you was the largest service of its kind, and that it helped cybercriminals inflict “hundreds of millions of dollars in losses” on US companies and consumers.
For example, one customer used the service to test malware that ended up stealing about 40 million payment card numbers. Another customer relied on Scan4you to develop the “Citadel” malware strain, which infected 11 million computers, and resulted in over $500 million in fraud-related losses.
In a way, Scan4you was a counter to services like VirusTotal, which also let anyone test malware against antivirus engines. The big difference with VirusTotal is that all data submitted to the service is shared with the rest of the IT security community, which can help tip off the public about computer threats.
“Hence, cybercriminals generally stay away from these services and opt to use other third-party services that do not share any data with AV (antivirus) companies,” said Trend Micro, a security firm that helped the FBI shut down Scan4you.
Scan4you had thousands of customers, but the service may have been a side-project for Bondars, a software developer by day who also dabbled in selling illegal prescription drugs through email spam and search engines, spreading banking malware, and running a website that sold stolen credit card information.
However, the Latvian was rather careless; he used his own personal Gmail account to help run his banking malware and let family members use Scan4you’s servers to host their personal websites.
Although Scan4you is no longer online, another shady malware testing service called VirusCheckMate remains up. But traffic to VirusCheckMate has been relatively flat since Scan4you went down, Trend Micro said.