Tag Archives: chronopay

Organization Chart Reveals ChronoPay’s Links to Shady Internet Projects

June 13, 2011

An online criminal enterprise, as tightly structured as any legitimate business corporation, was exposed in 2010. Emails and documents stolen from employees of ChronoPay — Russia’s largest online payments processor — were shared with a select group of law enforcement agencies and with KrebsOnSecurity.com. The communications provide the strongest evidence yet that a notorious rogue online pharmacy and other shady enterprises are controlled by ChronoPay executives and employees.

The leaked ChronoPay email show that in August 2010 ChronoPay CEO Pavel Vrublevsky authorized a payment of 37,350 Russian Rubles (about $1,200) for a multi-user license of an Intranet service called MegaPlan. The documents indicate that Vrublevsky ordered the service to help manage the sprawling projects related to ChronoPay’s “black” operations, including the processing of payments for rogue anti-virus software, violent “rape” porn sites, and knockoff prescription drugs sold through hundreds of Web sites affiliated with a rogue online pharmacy program called Rx-Promotion.com.

ChronoPay employees were assigned MegaPlan accounts to track payment processing issues, order volumes and advertising partnerships for these black programs. In a move straight out of the Quentin Tarantino film Reservoir Dogs, the employees adopted nicknames like “Mr. Kink, Mr. Heppner,” and “Ms. Nati.” MegaPlan offers an application that makes it simple for clients to create organizational charts, and the account paid for by ChronoPay includes a chart showing the hierarchy and reporting structure of these divisions.

ChronoPay Fueling Mac Scareware Scams

May 27, 2011

47 Comments

Some of the recent scams that used bogus security alerts in a bid to frighten Mac users into purchasing worthless security software appear to have been the brainchild of ChronoPay, Russia’s largest online payment processor and something of a pioneer in the rogue anti-virus business.

Since the beginning of May, security firms have been warning Apple users to be aware of new scareware threats like MacDefender and Mac Security. The attacks began on May 2, spreading through poisoned Google Image Search results. Initially, these attacks required users to provide their passwords to install the rogue programs, but recent variants do not, according to Mac security vendor Intego.

A few days after the first attacks surfaced, experienced Mac users on an Apple support forums began reporting that new strains of the Mac malware were directing users to pay for the software via a domain called mac-defence.com. Others spotted fake Mac security software coming from macbookprotection.com. When I first took a look at the registration records for those domains, I was unsurprised to find the distinct fingerprint of ChronoPay, a Russian payment processor that I have written about time and again as the source of bogus security software.

ChronoPay’s Scareware Diaries

March 3, 2011

23 Comments

If your Microsoft Windows PC was attacked by fake anti-virus or “scareware” in the past few years, chances are good that the attack was made possible by ChronoPay, Russia’s largest processor of online payments.

Tens of thousands of documents stolen and leaked last year from ChronoPay offer a fascinating view into a company that has artfully cultivated and profited handsomely from the market for scareware, which hijacks victim PCs with fake security alerts in a bid to frighten users into paying for worthless security software.

SpamIt, Glavmed Pharmacy Networks Exposed

February 24, 2011

35 Comments

An organized crime group thought to include individuals responsible for the notorious Storm and Waledac worms generated more than $150 million promoting rogue online pharmacies via spam and hacking, according to data obtained by KrebsOnSecurity.com.

Russian e-Payment Giant ChronoPay Hacked

December 29, 2010

15 Comments

Criminals this week hijacked ChronoPay.com, the domain name for Russia’s largest online payment processor, redirecting hundreds of unsuspecting visitors to a fake ChronoPay page that stole customer financial data.

ChronoPay chief executive Pavel Vrublevsky said the bogus payment page was up for several hours on Christmas day, during which time the attackers collected roughly 800 credit card numbers from customers visiting the site to make payments for various services that rely on ChronoPay for processing.

Following the Money, Part II

May 18, 2010

18 Comments

A leading Russian politician has accused a prominent Moscow businessman of running an international spam and online pharmacy operation while serving as an anti-spam adviser to the Russian government. Russian investigators now say they plan to create a special task force to look into the allegations.