Online Scams

Symantec plays key role in prosecuting Scan4You masterminds

Written by a NortonLifeLock employee


Vikram Thakur knows the secrets of cybercriminals. He can tap that knowledge to help put criminals behind bars. His role: expert witness for the prosecution.

Thakur took the witness stand earlier this year. On trial? Two men behind an underground malware scanning service called Scan4You. The service helped cybercriminals bilk businesses for hundreds of millions of dollars.

Thakur knows his stuff. He works for Symantec, the cyber security company. He’s a member of the company’s Security Response organization, a team of cyber threat analysts that works nonstop. And no wonder. Malicious cyber activity costs the U.S. economy alone up to $109 billion a year, according to the White House Council of Economic Advisers.

Experts like Thakur play a key role in helping law enforcement agencies prosecute cybercriminals. That includes the folks behind Scan4You.

How Scan4You paid off for its criminal clients

Scan4You operated as an underground malware-scanning service. Its work led to heady results for its criminal clients. For instance:

  • It tested malware that was used to steal 40 million credit and debit card numbers from U.S. retailers. One retailer lost around $292 million.
  • It tested the Citadel financial Trojan. The malware went on to infect more than 11 million victims. It enabled cybercriminals to steal over half-a-billion dollars.

Scan4You catered to the cybercrime community from around 2009 until 2016. It was advertised on underground forums used by the cybercrime businesses. It attracted at least 30,000 customers.

What’s the difference among malware scanning services?

Cybercrime is a complex industry. It includes big players and supports businesses like Scan4You. But not all malware-scanning services operate on the dark side. Legitimate services exist to fight cybercrime.

That’s one reason Thakur went to court — to explain the difference.

Think of the malware-scanning business as a something that can either help or hurt people. Here’s how it works in four steps:

  1. A person submits a file to a malware-scanning service to have it analyzed.
  2. The service runs the file through popular security software programs such as Norton AntiVirus.
  3. The service lists the programs that flag the file as malware. It also lists the types of malware the programs detect.
  4. The scan profiles are available to security software vendors who subscribe to the service.

Step 4 is where it can break down, Thakur says. Legitimate services share the data with the good guys, cyber-security professionals. Criminal enterprises share it with the bad guys, the malware authors.

The malware authors’ goal? To check if their creations were detected by security products.

“It’s important to distinguish between legitimate services, which allow the information security community to share information and protect customers, and illegal services which simply help malware authors try to evade detection,” Thakur says.

What wasn’t in Scan4You’s business plan

Like any well-run business, the masterminds behind Scan4You divided the labor.

Ruslans Bondars was responsible for the technical side of the service, maintaining its infrastructure and website.

Juriys Martisevs took care of customer support, usually via email or instant messaging.

But now they’re between jobs. Here’s why:

  • A Virginia court found Bondars guilty of conspiracy to violate the Computer Fraud and Abuse Act; conspiracy to commit wire fraud; and computer intrusion with intent to cause damage, and aiding and abetting.
  • Martisevs pleaded guilty in March to charges of conspiracy and aiding and abetting computer intrusions.

Sentencing is scheduled for September.

What’s next for Scan4You?

The penalties for committing cybercrimes can be severe. At the same time, they might seem light considering the damage cybercriminals do.

Here’s what lies ahead for Bondars and Martisevs:

  • The maximum penalties for conspiracy are five years in prison, a fine of $250,000, full restitution, and forfeiture of any proceeds of the crime.
  • The maximum penalties for computer intrusion are 10 years in prison, a fine of $250,000, full restitution, and forfeiture of any proceeds of the crime.

Thakur is back at his day job at Symantec, monitoring the cyber threat landscape. But he’s always willing to take a break when he's needed in court.

“Symantec is always happy to assist law enforcement agencies in prosecuting cybercrime,” he says.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.