Most antivirus scanners play a classic game of cat and mouse: they work by checking software against a routinely updated catalogue of known threats. In response, a whole industry has grown up to help obscure and conceal hacking tools. That includes businesses that automate the process of checking all sorts of tools, from malware to malicious URLs, against dozens of security scanners to see whether they get detected. The feedback lets bad actors know what still needs tweaking and what is ready to use.
These malware checkers, known as "counter antivirus services" or "no-distribute scanners," have become an increasing focus for both security researchers and law enforcement. And on Wednesday, a case against the operators of one of the more popular of these clearinghouses, Scan4You, concluded. After the security firm Trend Micro provided extensive data on the service to the FBI, and law enforcement investigated, one of the Scan4You founders pleaded guilty and another was found guilty by a Virginia court today.
Cat and Mouse
In summer 2012, Trend Micro researchers saw some odd activity cropping up on their threat-tracking scanner. The researchers had been investigating a malware distribution tool called "g01pack." They noticed that a group of Latvian IP addresses kept checking g01pack-related URLs against Trend Micro's web reputation system, a tool that tracks web activity and can block malicious websites for customers. Digging deeper, the researchers discovered that the Latvian IP addresses were actually running these checks for all sorts of URLs. The researchers were looking at a goldmine of information about the inner workings of a notorious malware checker.