The service that was taken down is AVCheck, one of the largest Counter Antivirus (CAV) services used internationally by cybercriminals. With a CAV service, malware developers can test whether their malware is detected by various antivirus programs. The use of a CAV service is an indispensable step in deploying malware, especially when gaining initial access to victim networks. A cybercriminal wants to know whether their malware is detected by virus scanners. If malware is not detected, it can be deployed unseen to claim new victims. A CAV service like AVCheck thus plays a crucial facilitating role in the cybercriminal ecosystem.
Important Step in Tackling Cybercrime
With malware, criminals can gain access to computer systems, collect sensitive information, and digitally lock down entire organizations. ‘Taking down the AVCheck service marks an important step in tackling organized cybercrime,’ says Matthijs Jaspers, team leader at Team High Tech Crime. ‘This disrupts cybercriminals as early as possible in their operations and prevents victims.’ Important evidence has also been gathered over the years about the administrators and users of the AVCheck service and the associated services Cryptor.biz and Crypt.guru.
Other Actions
In addition to taking down the service, Team High Tech Crime has also implemented broader interventions. For instance, a fake login page has been set up online, aimed at addressing, warning, and deterring users of AVCheck. Because a CAV service misuses legitimate virus scanners, the investigation has also sought cooperation with antivirus parties from project Melissa.
This action is closely related to Operation Endgame, in which various malware services involved in gaining initial access to victim networks have been taken down. The suspects from this operation often use services like AVCheck.
Stopping and Preventing Crimes
‘Cybercriminals are difficult to track down. Therefore, it remains crucial to invest in a broad approach to stay one step ahead of them,’ emphasizes Matthijs Jaspers. ‘National and international intervention and public-private cooperation are becoming increasingly important. The goal is to combat victims, stop crimes, and prevent online crime from growing. We focus not only on our classic task of investigation and prosecution but also on other types of interventions to enhance digital safety.’