Skip to content ↓ | Skip to navigation ↓

A federal jury convicted one of the digital criminals responsible for operating the notorious “Scan4You” counter antivirus (CAV) service.

On 16 May, the Department of Justice released a press release announcing a Virginia federal jury’s conviction of Ruslans Bondars, 37, on one count of conspiracy to commit wire fraud, one count of conspiracy to violate the Computer Fraud and Abuse Act and one count of intrusion into a computer system with the intent to cause damage. This conviction followed one year after Latvian authorities arrested Bondars along with Russian citizen Jurijs Martisevs and extradited them both to the United States for trial.

Together, Bondars and Martisevs operated Scan4You. It’s a type of CAV service that allows computer criminals to check their newest malware against antivirus software. Bad actors could therefore use Scan4You to redesign their malware so that they can evade detection.

A screenshot of (Source: KrebsonSecurity)

Scan4You said it didn’t share any of the information fed to it by criminals with antivirus software providers like Trend Micro. But that wasn’t the case. As Trend Micro explained in a blog post:

While Scan4You made sure feedback loops to Trend Micro’s servers about file scans were turned off, Scan4You also performed reputation checks of URLs, IP addresses, and domains. The way Scan4You set this up meant that all reputation scans against Trend Micro’s web reputation service were visible to us for years. Since 2012, we have collected a wealth of information on Scan4You’s operations, and in particular, information on the many reputation scans that they performed each day.

Trend Micro subsequently published a report detailing all the information it learned from Scan4You, which appeared to cease operations following the arrests of Bondars and Martisevs.

35-year-old Moscow resident Martisevs pleaded guilty back in March in a Virginia federal courtroom, reported The Daily Beast.

The Justice Department wrote in its release that Bondars’s scheduling will take place on 21 September.