If you run an organization that operates a rogue pharmacy business and provides payment support for fake anti-virus programs, then it’s likely you’re going to get caught. Such is the case with ChronoPay, whose offices were raided by Russian authorities at the end of July after the co-founder was arrested for allegedly launching denial-of-service attacks against payment processing firms in an attempt to undercut his competitors. Investigators reportedly found “mountains of evidence” at ChronoPay showing the company running illegal anti-virus scams, including MacDefender, which plagued Mac users earlier this year with fake pop-ups that scared users into thinking they had viruses, and even tricked users into supplying their credit card information via registration through the fake virus-removal app. MacDefender was criticized by Ed Bott as the start of something big, although security and malware news has been quiet over the last month, and the MacDefender threat itself could be diminished after this recent raid.
The last release of MacDefender occurred on June 18. ChronoPay’s offices were raided June 23. A coincidence perhaps, or Russian law enforcement saving Mac users from fake antivirus software.
Companies in the business of writing and supporting malware such as MacDefender can rake in a lot of money in a short period of time. It’s an incredibly profitable business, feeding off the fear of individuals who fall victim to the scare tactics that malware and phishing scams employ. While the takedown of ChronoPay will significantly cut into cybercriminals’ black-market revenues, these raids are only short-term wins.
Given fake AV’s status as a reliable cash cow, the industry is likely to bounce back rapidly. Fake AV is extremely profitable, in large part because it is easily franchised.
Individual affiliates can quickly make a lot of money. Fake AV distribution networks pay affiliates between $25 and $35 each time a victim provides a credit card to pay for the junk software.
To spread malware, companies like ChronoPay can hire affiliates who deploy the malware and get paid based on how many systems are infected (how many programs are installed). The end result is that the business is profitable for all the parties involved: fake anti-virus programs can offer “malware removal” at the same market prices as legitimate anti-malware programs (the victim doesn’t know the difference), the distributors of the malware are paid handsomely based on how successful that malware is, and you can begin to see how and why these types of businesses function in black markets. MacDefender was effective because it preyed on Windows-to-Mac converts who are unfamiliar with the legitimate solutions available, and who thus fell for its tricks. MacDefender, while it garnered a lot of attention, has seemingly died down and is hopefully squashed for good with ChronoPay out of the picture.
MacDefender wasn’t some malware written by a couple of young adults in their basement, as we’d expect — this was a rare case of serious malware backed by a company (with a lot of money and malicious intent) and its affiliates. Hopefully, if the evidence against ChronoPay turns out to be the real deal, it’ll lead to more arrests and a safer Internet. The battle is far from won when it comes to malware, but it’s always comforting knowing that there’s one less threat to deal with.
[Krebs on Security via MacRumors, (Image via ZDNet)]