Police arrest couple suspected of running malware encryption service

British police arrested a man and a woman earlier this week, suspected of operating a website which offered services to online criminals which could help them evade detection by anti-virus software.

The couple, both aged 22, were arrested in Colchester, Essex, are alleged to have run the reFUD.me website, used by malware authors to encrypt their creations, rewriting malicious code so it is no longer easily detected by anti-virus products. In this instance, “FUD” does not stand for “Fear, Uncertainty and Doubt” but “Fully UnDetectable”.

The site wasn’t being run philanthropically by its owner, who went by the handle of ‘Killamuvz’. Instead, those wishing to encrypt their malware were charged $20 per month (or $90 for lifetime usage) for a license to use the Cryptex encryption service according to a statement issued by the National Crime Agency’s National Cyber Crime Unit.

In addition, the site offered to scan malicious programs against a wide array of anti-virus products, helping criminals determine that as few security products as possible were capable of detecting their malware – increasing the chances of successful infection.

According to statistics displayed on the reFUD.me website, there have been more than 1.2 million scans via the site since February 2015.

Of course, there are legitimate services available (VirusTotal is probably the most well known) which also offer to scan files against a large number of anti-virus products, but the key difference is that reFUD.me promised it would not share uploaded files with the security community.

And the promised privacy offered to malware authors is what has made the service popular with the dark side of the web. Following the arrests earlier this week and the takedown of the reFUD.me website, however, some of the site’s former clients are expressing concern on hacking forums that they might expect a visit from the police next.

Hacking forum

Steve Laval, from the NCA’s National Cyber Crime Unit, offered the following advice to computer users:

“Although the website offered services designed to help circumvent anti-virus software, computer users can protect themselves from most malware threats by taking some simple precautions. The NCA urges all internet users to ensure they have up to date anti-virus software installed on their machines and to avoid clicking on unknown or suspicious links or email attachments.”

The National Crime Agency were helped in the investigation by experts from Trend Micro – a great example of how the infosec community can work hand-in-hand with the authorities in the fight against cybercrime.

The arrested man and woman, whose names have not been released, have been bailed until February 2016 pending further enquiries.

Author Graham Cluley, We Live Security

Follow us

Copyright © 2017 ESET, All Rights Reserved.