British duo arrested for running malware encryption service

Customers freak, yell "Time to DBAN!"

Two British suspects have been arrested, accused of running the refud.me encryption site that VXers use to evade antivirus.

The National Crime Agency says the suspects, from Colchester, Essex, have been bailed until February next year.

The pair operated the refud.me service, which allowed VXers to test their malware against antivirus tools for free, and made cash through encryption services.

Punters paid US$20 or US$100 a month for the Cryptex crypting services, depending on licence conditions.

Operators, one known as Killamuvz, sold the service under the guise of a service for developers to protect their code.

It is clear from forum posts that the service was being enjoyed by the malware-writing industry which requires crypters to evade security software and reverse-engineering by malware analysts.

Those customers are now fretting, with some urging others to DBAN (Darik's Boot and Nuke) their machines before expected police raids. Here's a sample of the chatter among former users:

"Damn I smell a fed raid, that is usually what happens when the NCA joins in. Former clients are raided. I would be wiping my hard drive RIGHT NOW. Will save you a lot of court $$$. All former Cryptex clients WIPE YOUR DRIVES NOW!!"

Forum members plugged the skill and professionalism of the coders. Unconfirmed comments claimed the pair were married.

Trend Micro, which partnered in the bust, says the encrypting tool had undergone "several major updates" since it was first sold in October 2011.

"These tools saw frequent version updates to counteract new improvements in antivirus engines," company researchers say.

"The current major iteration of the Cryptex toolkit is entitled “Cryptex Reborn” which was first advertised in September 2014."®

Note: An earlier version of this story mentioned encryption tool DarkEyE and suggested it was analogous to the refud.me service. DarkEyE disputes this interpretation, asserting that its product "protects 32 BIT Executable from eventual tampering and cracking procedures."

The company also pointed out that it "can't know which might be the use of our customers" and that its end user licence agreement prohibits uses that breach Italian law.
