The company – Rove Digital – is reported to be run by a group of six men who were arrested last week allegedly infecting four million PCs around the world with malware.
As reported previously by Infosecurity, ChronoPay’s founder Pavel Vrublevsky is now in jail awaiting a trial on various cybercriminal charges.
In addition, as we reported back in March, ChronoPay is also increasingly being used by scamsters behind fake anti-virus software and 'scareware' applications.
According to Brian Krebs of the Krebs on Security newswire, on Tuesday of this week, the authorities in Estonia arrested the 31-year-old founder of Rove Digital along with five of his colleagues in connection with running a complex internet click-through fraud scheme
“It turns out that ChronoPay also had two other major and early investors: Rove Digital and a mysterious entity called Crossfront Limited. This information was included in the massive trove of internal ChronoPay emails and documents that was briefly published online last year and shared with select journalists and law enforcement agencies”, he says in his latest security posting.
“Among those documents is a spreadsheet (XLS) listing all of the various shadowy companies allegedly owned and managed by ChronoPay founder Pavel Vrublevsky and associates. It lists ChronoPay B.V., the legal entity in The Netherlands that formed the initial basis of the company, as jointly owned by Gusev’s firm DPNet B.V., Red & Partners (Vrublevsky’s adult Webmaster provider) and Rove Digital OU”, he adds.
The former Washington Post e-crime reporter goes on to say that, when he met up with Vrublevsky in Moscow earlier this year, he confirmed that Tsastsin was an old friend and that Rove Digital had been a key shareholder in the company.
Further evidence of the connection between ChronoPay and Rove Digital, says Krebs, is provided in a series of internal ChronoPay emails from May 2010.
At that time, he asserts, ChronoPay was under investigation by Dutch banking regulators who suspected that the company’s intricate network of front companies and financial channels were acting in violation of the country’s anti-money laundering laws.
In a tersely worded email exchange, Krebs reports that the Dutch bank demanded a slew of additional accounting and administrative records, including “all documents that show the structure of ChronoPay BV, such as statutes, incorporation documents, names and addresses of director(s) and shareholders.”
Infosecurity notes that ChronoPay continues to be widely used by a number of East European video and music sites, most of whom do not offer conventional Visa, MasterCard or Paypal facilities.
The solution to this issue may lie in the use of prepaid debit cards, which can be purchase from many newsagents for a modest fee. Although this bumps up the price of using ChronoPay by around 2 to 3%, this may be small price to pay in return for safe continued access to what appears to be murky services.