A pair of Russian developers were accused of developing and offering services that allowed malware coders to test their samples against popular security solutions before releasing them in the wild.
Arrested in Latvia, Jurijs Martisevs pleaded guilty to a conspiracy charge, as well as to aiding and abetting computer intrusion.
The dark web service run by Jurijs Martisevs and his associate, Ruslans Bondars, operated between 2009 and May 2017, enabling malware developers to see whether their code would be detected by security vendors. Offered as an API, the service could easily have been integrated into malware-building kits, allowing malware developers to test their samples several times before pushing them to victims.
“The SERVICE was a counter antivirus service that provides information that computer hackers used to determine whether the computer viruses and other malicious software (“malware”) they created would be detected by antivirus software, including and especially by antivirus software used to protect major United States retailers, financial institutions, and government agencies from computer intrusions,” reads the court document. “The SERVICE operated as an antivirus clearinghouse, making it possible for users to check their files against the database of dozens of widely used brands of antivirus software. Users submitting files to the SERVICE were essentially checking their files against the ‘signatures,’ or information about the characteristics of known malware, to determine if their files contained characteristics that antivirus companies would flag as virus or malware.”
The service, which also offered customer support to malware developer clients, seems to have also been used in 2012 by the Citadel malware, which stole more than $500 million from bank accounts.
In return for a lighter sentence and supervised release terms, Martisevs has agreed to return more than $125,000 and forgo any claims to already-seized hardware, although he may still face up to 10 years in prison for aiding and abetting charges alone.
“The defendant agrees to plead guilty to counts one and four of the indictment charging him with conspiracy, in violation of Title 18, United States Code, Section 371, and Aiding and Abetting Computer Intrusions, in violation of Title 18, United States Code, Sections 1030(a)(5)(A) and 2, respectively,” reads Martisevs’ official plea.