14 years prison for man who helped hackers evade detection by anti-virus software

A US court has sentenced the creator of a notorious service that helped malware authors avoid detection by anti-virus software to 14 years in prison.

Ruslans Bondars, a 37-year-old Latvian citizen, was convicted earlier this year of conspiracy to violate computer crime laws, commit wire fraud, and computer intrusion with intent to cause damage.

Bondars (also known by his online nickname of “Borland”) worked in conjunction with co-conspirator Jurijs “Garrik” Martisevs on the notorious Scan4You website.

Scan4You allowed criminals – for a monthly fee – to upload their latest malware to receive a report on whether any of a wide range of anti-virus products would detect it as malicious.

The site, which had been in existence since at least 2009, perhaps gained its inspiration from the well-known (and legitimate) website VirusTotal, which allows anybody to upload potentially malicious files for free.

The fundamental difference, however, is that VirusTotal shares uploaded samples with the security community, whereas Scan4You’s counter anti-virus (CAV) service promised its users complete anonymity.

The end result was that Scan4You increased the likelihood that a piece of malware could evade detection by security software, and infect an organisation’s network.

Although Scan4You was not the only counter anti-virus service operating on the web, it rapidly became the most popular amongst online criminals.

One of the most infamous pieces of malware which took advantage of Scan4You’s service was the Citadel malware, which was then used to steal tens of millions of customer credit card details from US retail giant Target.

Citadel is thought to have infected millions of computers worldwide, inflicting hundreds of millions of dollars' worth of damage.

At the time of Bondars’s conviction, a Department of Justice press release went some way to describe the sophistication of the Scan4You service:

“The Citadel developer took advantage of a special feature of Scan4You that allowed its integration directly into the Citadel malware toolkit through an Application Programming Interface, or API. The API tool allowed Scan4You users the flexibility to scan malware without the need to directly submit the malware to Scan4You’s website.”

In addition, the site advertised its service on online criminal forums, and offered technical support to its paying customers – typically delivered by Martisevs via email, ICQ, Jabber, and Skype.

The sky fell on Bondars and Martisevs in 2016, however, when their site was shut down, they were arrested by Latvian authorities, and then extradited to the United States of America.

Despite Bondars’s defence team arguing that there were legal uses for his Scan4You service, and that he could not be held responsible when customers used it for illegal purposes, US Judge Liam O’Grady was unsympathetic:

“There’s zero chance that you didn’t know the harm being done by the malware hackers used your service to perfect.”

Bondars, who has also been linked to pharmaceutical spam campaigns peddling illegal prescription drugs, and assisting in the distribution of banking trojans, told the court that he felt “ashamed that some of the website users used it for such terrible things.”

He’ll have plenty of time to reflect on his actions and repent, as he now begins a 14-year prison sentence.

About the author

Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

2 Comments


  • Is this satire? It's just a dude who programmed a shitty UI that probably queries a VirusTotal-like API and returns the results of the virus scan of their file back to the user. Why didn't he just defend himself by saying that it was an anti-virus scanner to ensure that the files he downloaded weren't malicious — instead of saying that it's to "perfect" malware? This makes no sense to me, blows me away how dumb these people are.

  • His phrase trying to defend himself arguing "being ashamed bla bla…" sounds comical. He could not have been apart from what others were doing with this service. Did he do something to stop them after knowing some of the cases in that time? Obviously not.
    Furthermore, he was caught in other dirty affairs which braced his charges.

    I like to read this news from time to time :)