The Dutch Team High Tech Crime, in collaboration with international partners, has shut down the Counter Antivirus service AVCheck. This service was used worldwide by cybercriminals to make malware undetectable. According to the Dutch police, this action will prevent many new victims from being harmed.
AVCheck was one of the largest counter-antivirus services worldwide. Malware developers could use it to test whether antivirus programs detected their malicious software. With this knowledge, criminals adapted their malware until it was no longer recognized by security software.
The service played a facilitating role in the cybercriminal ecosystem. Malware that remains undetected by virus scanners can be used to create new victims. This gives criminals access to computer systems, allowing them to collect sensitive information and bring entire organizations to a digital standstill.
International cooperation
The operation was the result of coordinated cooperation between the Netherlands, the United States, and Finland. The High Tech Crime Team of the National Investigation and Intervention Unit carried out the operation under the authority of the National Public Prosecutor’s Office.
“Taking the AVCheck service offline marks an important step in the fight against organized cybercrime,” says Matthijs Jaspers, team leader at Team High Tech Crime. “This allows us to disrupt cybercriminals as early as possible in their operations and prevent victims from falling prey to them.”
Evidence gathered against users
The investigation also yielded important evidence about the administrators and users of AVCheck. In addition, evidence was gathered against users of the affiliated services Cryptor.biz and Crypt.guru.
In addition to taking down the service, Team High Tech Crime deployed broader interventions. A fake login page was put online to address, warn, and deter AVCheck users. Cooperation was also sought with antivirus parties from Project Melissa.
The action is closely linked to Operation Endgame, which previously took down several malware services involved in gaining initial access to victim networks.
Tip: International ‘Operation Endgame’ deals sensitive blow to cyber criminals