US law enforcement, in coordination with global partners, has disrupted counter-antivirus (CAV) operations by shuttering four leading domains offering these services.
According to a Department of Justice (DOJ) press release, the seizure of these domains and their associated servers was part of an effort to disrupt the “online software crypting syndicate” helping cybercriminals evade detection.
Crypting scrambles malware code to avoid antivirus scans, and when paired with CAV services that report which engines still flag the sample, it helps attackers slip past defences and gain unauthorized access to systems.
“Cybercriminals don’t just create malware; they perfect it for maximum destruction,” said the release, citing FBI Houston Special Agent in Charge Douglas Williams. “By leveraging counter antivirus services, malicious actors refine their weapons against the world’s toughest security systems to better slip past firewalls, evade forensic analysis, and wreak havoc across victims’ systems.”
The FBI Houston helped cripple the global cyber syndicate, seize its most lethal tools, and neutralize the threat it posed to millions around the world, the statement added.
AVCheck among the seized services
While the DOJ release did not include the names of the domains seized, a separate announcement from the Dutch authorities confirmed the seizure involved leading crypting domains, including AVCheck[.]net, Cryptor[.]biz, and Crypt[.]guru, each of which now displays a seizure notice saying “This website has been seized”.
The authorities called AVCheck “one of the largest CAV services.” According to screenshots captured by the Wayback Machine (maintained by the Internet Archive), AVCheck let cybercriminals check whether their malware, domains or IP addresses were detected by 26 popular antivirus engines.
After using AVCheck to identify detection points, criminals turned to crypting services like Cryptor.biz and Crypt.guru to alter the code so antivirus programs wouldn’t recognize it.
“Taking AVCheck offline is an important step in the fight against organised cybercrime,” said Matthijs Jaspers, team lead of the High Tech Crime Team of the Netherlands Police’s National Investigations and Special Operations, “because it disrupts the activities of cybercriminals in the earliest stages and prevents victims.”
Takedown was part of ‘Endgame’ operation
According to the Dutch officials’ statement, the seizure is closely linked to Operation Endgame, a law enforcement operation that conducted the largest botnet takedown exactly a year ago.
The DOJ said that undercover purchases and service analysis confirmed that the websites supported cybercrime. Court documents alleged investigators linked emails and data to ransomware groups targeting victims globally.
“Modern criminal threats require modern law enforcement solutions,” the statement added, citing US Attorney Nicholas J Ganjei. “As cybercriminals have become more sophisticated in their schemes, they have likewise become more advanced in their efforts to avoid detection.”
With this syndicate shut down, there is one less provider of malicious tools for cybercriminals out there, Ganjei added. In January, the FBI had led a coordinated takedown of similar cybercrime sites, crypting services included, such as Cracked.to and Nulled.to, in a global operation dubbed Talent.