Jun 13, 2011 16:30 GMT  ·  By

Security researcher and security journalist Brian Krebs claims that Russian payment processor ChronoPay hired programmers to reverse-engineer the free version of Malwarebytes' Anti-Malware in order to create an antivirus solution of its own.

In a new ChronoPay-related post on his blog, Krebs reveals new findings about the organization, who he claims is involved in all sorts of cyber criminal activities.

The researcher published screenshots from a ChronoPay internal system used to manage its "dark divisions" that deal with clients distributing scareware, running illegal online pharmacies, operating extreme adult websites and selling pirated music.

"When I visited Vrublevsky [the ChronoPay CEO] in Moscow in February, he told me of plans to launch a ChronoPay-branded anti-virus solution, and many of the documents included in this section of ChronoPay’s MegaPlan [the internal system] installation are technical papers referencing the development of different anti-virus software modules," Krebs writes.

"The documents suggest that the company has hired programmers to reverse-engineer the free version of the commercial anti-malware product Malwarebytes," he reveals.

Malwarebytes' Anti-Malware is a product often used as a companion for full-fledged antivirus programs, which specializes in the detection and removal of scareware, the exact type of business ChronoPay is said to be involved in.

It's not clear if these reverse engineering efforts directed at Malwarebytes' product are meant to find ways of evading its detection or preventing it from running properly, or if the company is interested in the code for use in its own product.

This wouldn't be the first time when another company is suspected of stealing Malwarebytes' intellectual property. Back in 2009, the US security vendor accused Chinese software firm IOBit of reverse engineering its malware signatures.

At the end of May, ChronoPay released an official statement denying any involvement in the distribution of scareware. "[We] assure both our customers and competitors that we have no involvement at all with scareware or malware and warn anyone attacking our company with likes and rumor that we will put the full weight of our company behind the appropriate legal response," the company wrote.