STE WILLIAMS

British duo arrested for running malware encryption service

Two British suspects have been arrested, accused of running refud.me, a site that malware writers (VXers) used to make their code evade antivirus detection.

The National Crime Agency says the suspects, from Colchester, Essex, have been bailed until February next year.

The pair operated the refud.me service, which let VXers test their malware against antivirus tools for free; the operators made their money from the paid crypting service sold alongside it.

Punters paid US$20 or US$100 a month for the Cryptex crypting services, depending on licence conditions.

The operators, one known as Killamuvz, marketed the product as a tool for legitimate developers to protect their code.

It is clear from forum posts that the service was being enjoyed by the malware-writing industry which requires crypters to evade security software and reverse-engineering by malware analysts.

Those customers are now fretting, with some urging fellow users to DBAN (Darik’s Boot and Nuke) their machines ahead of expected police raids. Here’s a sample of the chatter among former users:

“Damn I smell a fed raid, that is usually what happens when the NCA joins in. Former clients are raided. I would be wiping my hard drive RIGHT NOW. Will save you a lot of court $$$. All former Cryptex clients WIPE YOUR DRIVES NOW!!”

Forum members plugged the skill and professionalism of the coders. Unconfirmed comments claimed the pair were married.

Trend Micro, which partnered in the bust, says the crypting tool had undergone “several major updates” since it was first sold in October 2011.

“These tools saw frequent version updates to counteract new improvements in antivirus engines,” company researchers say.

“The current major iteration of the Cryptex toolkit is entitled ‘Cryptex Reborn’ which was first advertised in September 2014.”

Many other similar crypters are still in operation. DarkEye is actively being sold for up to US$300 a month.

That software works by encrypting a customer’s malware so that antivirus engines cannot recognise the payload on disk. When a victim runs the wrapped file, the DarkEye stub executes first, decrypts the payload and launches the now-cleartext malware.

“Any software developer wanting to protect his code properly” needs the service, the author wrote on the DarkEye shop page. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/11/24/refudme_anti_antivirus/
