Summary: On June 23, a network of web sites that were distributing fake antivirus software for Windows PCs and Macs suddenly went offline. Now we know why. The head of the company that processed payments for the group is behind bars in Russia.
The fake antivirus business just got a lot less profitable.
As I noted earlier this week, the gang that was distributing Mac Defender and a slew of similar rogue Windows antivirus programs went offline suddenly on June 23. Now we know why.
My ZDNet colleague Jason O’Grady reports that Russian authorities may have busted the group that was responsible for processing payments for a large number of such gangs. More details are in this report from security researcher Brian Krebs:
Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny of the industry from security experts and a host of international law enforcement officials.
The disruption appears to be partially due to an international law enforcement push against the fake AV industry. In one recent operation, authorities seized computers and servers in the United States and seven other countries in an ongoing investigation of a hacking gang that stole $72 million by tricking people into buying fake AV.
There may be another reason for the disruption: On June 23, Russian police arrested Pavel Vrublevsky, the co-founder of Russian online payment giant ChronoPay and a major player in the fake AV market.
Krebs first linked ChronoPay to Mac Defender back in May and noted the company’s long and sordid history, including ties to the Conficker worm.
Vrublevsky was reportedly arrested on June 23 at an airport outside Moscow. That came one day after the U.S. Department of Justice announced that it had indicted two individuals from Latvia and seized more than 40 computers, servers, and bank accounts in a coordinated international raid.
The operation targeted international cyber crime rings that caused more than $74 million in total losses to more than one million computer users through the sale of fraudulent computer security software known as “scareware.”
Warrants obtained from the U.S. District Court for the Western District of Washington and elsewhere throughout the United States led to the seizure of 22 computers and servers in the United States that were involved in facilitating and operating a scareware scheme. In addition, 25 computers and servers located abroad were taken down as part of the operation, including equipment in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the United Kingdom.
Bringing down a couple of these gangs is good news for everyone, and the focus on payment processors is an especially effective approach. Unfortunately, the respite will probably be only temporary. There are literally hundreds of such gangs worldwide, and you can bet that some of them are ready to step into the newly created void.