AV Evasion Mastermind Gets Two Years

An Essex man has been given two years in jail for running a website which allowed would-be hackers to test whether their malware could bypass AV filters.

Goncalo Esteves, of Cape Close, Colchester, operated the reFUD.me site which charged visitors to test their tools against anti-malware scanners.

Using the pseudonym 'KillaMuvz', he also sold custom-made malware-disguising products and offered technical support to users.

These products are known as 'crypters' — tools which can be used by black hats to help evade AV.

Esteves sold his Cryptex Lite product for $7.99/month, while a lifetime license for Cryptex Reborn cost $90. He also provided support via a dedicated Skype account and accepted payment in conventional currency, Bitcoin or even Amazon vouchers.

His PayPal account alone netted him £32,000 between 2011 and 2015, although the amount received in Bitcoin and Amazon vouchers is unknown.

“Esteves helped hackers to sharpen their knives before going after their victims. His clients were most likely preparing to target businesses and ordinary people with fraud and extortion attempts,” argued Mike Hulett, head of operations at the National Crime Agency’s National Cyber Crime Unit (NCA NCCU).

“He made a fair bit of money, but he’d probably have made much more, and certainly for longer, if he’d pursued a legitimate career in cybersecurity.”

The NCA also thanked Trend Micro, which helped conduct a joint operation with the agency to catch Esteves.

This came after the two parties signed an MoU in 2015 formalizing their co-operation in the form of a ‘virtual team’ comprising members of the NCCU and Trend Micro’s Forward Looking Threat Research team (FTR).

Esteves was sentenced at Blackfriars Crown Court in relation to two charges under the Computer Misuse Act.
