Friday, 12 August 2011

Tracking Cyber Crime: Virtest and Palevo (Private AV Checker)

Hi there, due to a recent tweet of Mikko H, regarding my 'pwning'

I've gived a fuck inside some private AV Checkers with my mate Pr0zAk due to a recent blog post of ScriptKiddieSec, finaly a big one appear vulnerable. (and it's also the first time i get into a private av checker)
virtest is a known service to help criminals to determine if their malwares are detected or not.

If you know SpyEye, the C&C of this one got a feature for communicate with the service.

Dumped login.php of virtest is also part of the network

Part of the palevo sql dump

Needless to say i've a full copy on my hard drive of sites content with huges sql db who take a very long time to get (virtest & palevo)

Inside virtest from a pwned account (not pwned with hash cracking but with another tricks)
I wonder how many accounts i will get if i decide to 'door' the login page with a mail() function each time someone try to connect on the service, maybe it's time to fear for bad guys who use these service :þ 

Main page when logged:


Exploit pack check:



AV Versions:


Account management:

Scan profiles:

Scan history (yeah the guys who have this account seem spend a lot of money for check files):

Full undetect malware

File info>General info:

'See file' contain the first bytes of your file

File info>filetype ident:

File info>filetype diagram:

File info>PE structure

Autoscan feature:

Delete log history:

Anyway guys, same remark i've says to Peter Severa & friend: learn to secure your windows (yeah lol) if you do criminal business...

Also, a colleague at MalwareIntelligence (maybe with me) will do a speak/presentation if approved on Private AV Checkers at source conference
Stay tuned.

Advertising of virtest guys:

Advertising of guys:


  1. WOW Steve you own all these kids. Keep up the good work :)

  2. Joli boulot encore une fois, ça ne manque pas de me faire sourire devant mon pc de voir à quel point ils sont parfois mauvais :')

  3. why are u thinking av checkers are Cyber Crime?

  4. virtest and palevo are involved in malwares distribution, they offer av scan service to criminals, to know if their malwares are detected or not, they don't distribute scanned file to AV + you can find (like on virtest) advertising for Zeus botnet/SpyEye service, Crypt service etc...