Police have arrested two people from Essex on suspicion of operating a so-called “crypting” website offering services to help criminals overcome antivirus software and disguise malware.
Crypting services typically test malware against all antivirus tools to see how many of them detect the code as malicious.
The service then runs some custom encryption routines to obfuscate the malware so that it no longer resembles any code detected by most antivirus tools.
The process is repeated until the malware is undetectable by all of the antivirus tools on the market.
The arrests follow a joint investigation led by the National Crime Agency’s (NCA) National Cyber Crime Unit (NCCU) and information security firm Trend Micro.
A 22-year-old man and a 22-year-old woman from Colchester were detained in connection with the reFUD.me website that provided a number of free and paid crypting services.
The name of the site relates to its aim of enabling malware developers to make their code “FUD”, or fully undetectable. Statistics on the website claimed that more than 1.2 million scans have been conducted since February 2015.
The site services were enabled using Cryptex Reborn, which Trend Micro said is among the most sophisticated forms of crypting seen recent years.
Malware developers could purchase a licence to download and use the product to encrypt their files – charges ranged from $20 a month to $90 for lifetime usage.
The NCA said the suspects have been released on bail until February 2016 pending further enquiries.
“This ongoing investigation shows how the NCA is taking its work with industry to combat cyber crime to the next level,” said Steve Laval of the NCCU.
“Although the website offered services designed to help circumvent antivirus software, computer users can protect themselves from most malware threats by taking some simple precautions.
“The NCA urges all internet users to ensure they have up-to-date antivirus software installed on their machines and to avoid clicking on unknown or suspicious links or email attachments.
“We will continue to work in partnership to help protect people from threats like malicious software infections and to identify and pursue suspected offenders,” he added.
Co-operation to tackle cyber crime
The NCA and Trend Micro signed a memorandum of understanding in July 2015, marking a significant step forward in co-operation between law enforcement and the information security industry in understanding and combating cyber crime.
The agreement will see the formation of a cross-organisation “virtual team”, which will seek to identify innovative ways of tackling specific cyber crime threats.
“This investigation is the result of Trend Micro’s collaboration with the NCA and other partners to tackle some of the core components that enable cyber criminal business models to exist,” said Martin Rösler, director of threat research at Trend Micro.
“Helping to take down operations such as this is part of our ongoing effort to keep the world safe for exchanging digital information, for both our customers and the internet at large.”
The NCA said internet users are encouraged to visit Cyber Streetwise and GetSafeOnline where a number of anti-malware tools are available to clean up and protect computers.