A partnership between security firm Trend Micro and the United Kingdom’s National Crime Agency (NCA) resulted in the arrests of two individuals suspected of running a website that offered cybercrime services.
The suspects, a man and a woman aged 22 from Colchester, Essex, are believed to have operated a counter antivirus service called reFUD.me and a crypting service named Cryptex Reborn. They have been released on bail until February 2016.
Both the Cryptex Reborn and reFUD.me services have been disrupted as a result of the operation.
ReFUD.me, which emerged in February 2015, allowed cybercriminals to upload their malware samples to see if they would be detected by the products of various antivirus companies. ReFUD.me was similar to VirusTotal, but unlike the Google-owned scanning service, it did not share scanned files with antivirus vendors.
Before it was shut down, the reFUD.me website claimed that more than 1.2 million scans had been conducted since February 2015. One of the most recent features added to the cybercrime service, dubbed “scanwatch,” allowed users to constantly monitor the detection status of the files they uploaded.
Cryptex Reborn, the evolution of a toolkit advertised since as early as October 2011, allowed malware developers to encrypt their files in an effort to make them “Fully UnDetectable” (FUD). Malware authors could use the product after paying a $20 monthly subscription fee or $90 for lifetime usage.
The first versions of the tool, called Cryptex, Cryptex Lite and Cryptex Advanced, all surfaced in 2011. Cryptex Reborn, which is said to offer one of the most sophisticated forms of crypting seen in recent years, was first advertised on cybercrime forums in September 2014, said Trend Micro.
“This investigation is the result of Trend Micro’s collaboration with the National Crime Agency of the UK (NCA) and other partners to tackle some of the core components that enable cybercriminal business models to exist,” said Martin Rösler, senior director of The Forward-Looking Threat Research team for Trend Micro. “Helping to take down operations such as this is part of our ongoing effort to keep the world safe for exchanging digital information, for both our customers and the Internet at large.”
The collaboration between Trend Micro and the NCA is the result of a memorandum of understanding signed by the two organizations in July.