Key service for malware developers taken offline

This week, in a coordinated international operation with the US and Finnish authorities, the High Tech Crime Team of the Netherlands Police’s National Investigations and Special Operations took down a key service for malware developers. The operation was supervised by the National Public Prosecutors' Office and its objective was to make it more difficult for cybercriminals to carry out malware attacks.

The service that has been taken down is AVCheck, one of the largest Counter Antivirus (CAV) services used by cybercriminals around the world. A CAV service allows malware developers to test if their malware will be detected by various antivirus programmes. A good CAV service is essential for carrying out malware attacks, as it allows criminals to access the networks of their victims undetected. Cybercriminals want to know if their malware will be detected by virus scanners, so they know if they can catch their victims unawares. This means that CAV services such as AVCheck play a vital facilitating role in cybercriminal ecosystems.

Criminals use malware to access computer systems, collect sensitive data, and digitally lock entire organisations out of their own systems. ‘Taking AVCheck offline is an important step in the fight against organised cybercrime,’ says Matthijs Jaspers, Team Lead of the High Tech Crime Team, ‘because it disrupts the activities of cybercriminals in the earliest stages and prevents victims.’ Moreover, in recent years the investigation has yielded key evidence on the administrators and users of AVCheck and its related services Cryptor.biz and Crypt.guru.

Other interventions

As well as taking down AVCheck, the High Tech Crime Team has deployed wider interventions, such as creating a fake login page to confront, warn, and deter users of AVCheck. As CAV services abuse legal antivirus software, the police have partnered with the antivirus collective of Project Melissa.

This operation is closely linked to Operation Endgame, which has taken down several malware services used for accessing victims’ networks. The suspects involved in Operation Endgame commonly made use of services such as AVCheck.

Stopping and preventing crime

‘Cybercriminals are often hard to track down, so it is important to invest in a broad approach so the authorities can keep a step ahead’, says Matthijs Jaspers. Joint interventions by national, international, and public-private partnerships are becoming increasingly important to prevent victims, stop crimes, and stop online crime in its tracks. Our approach is not only the classical one of investigating and prosecuting criminals; we also use other types of interventions to enhance digital safety.