reFUD.me website shut down after their arrest

Nov 23, 2015 16:32 GMT

UK authorities have arrested two suspects in connection with reFUD.me, a website that sold antivirus evasion services to malware operators.

The arrests took place over the weekend, following a partnership between the UK National Crime Agency's National Cyber Crime Unit (NCCU) and security vendor Trend Micro.

A 22-year-old man and a 22-year-old woman from Colchester, Essex were taken into custody, and later freed on bail until February 2016.

The two operated the infamous reFUD.me online service that provided a wide arsenal of free and commercial tools for malware developers.

reFUD.me sold versions of the Cryptex Reborn encryption toolkit

The website gave cyber-criminals the possibility to add antivirus evasion features to their malware, mainly via the Cryptex toolkit.

This tool and all its variants, Cryptex Lite, Cryptex Advanced, and Cryptex Reborn, were used to encrypt the malware's code and its bot-to-server communications.

Its most recent version, Cryptex Reborn, was deemed one of the most sophisticated tools of its kind in recent years. Criminals could purchase Cryptex Reborn for prices ranging from $20 per month to $90 for lifetime usage.

reFUD.me was the evil brother of VirusTotal

Besides antivirus evasion, reFUD.me also offered continuous scanning of malicious files, sending malware operators a report whenever their code became detectable by AV engines.

The NCA says that site statistics show over 1.2 million such scans were carried out in the months since the service was first launched in February 2015.

This service, named Scanwatch, was the evil brother of VirusTotal and was added to the site at the end of June 2015. In July, Trend Micro and the NCA entered an agreement to hunt down and unmask its operators.

This is not the first time a cyber-security vendor has collaborated with law enforcement; Kaspersky previously worked with Dutch authorities to unmask the CryptoVault creators.

You can check out a mirrored version of reFUD.me via the Wayback Machine. FUD stands for "Fully UnDetectable."

Image: reFUD.me website landing page
Image: Sample reFUD.me scan result