Incidents

Crime and punishment

Back in December 2007 we blogged about how the Russian Federal Security Service identified and arrested the authors of Pinch.

Yesterday a whole bunch of media in different countries referenced PrevX, who were saying that the Pinch Trojan is still very active, infecting thousands of users around the world every day.

One particularly interesting article came from The Register, a UK publication, which says:

“The two suspected authors of the virus creation toolkit were arrested and questioned by Russian police in December 2007 but never prosecuted.”

These words have been reproduced in some form or another by other publications, particularly Russian ones. And of course, such statements beg the question “why haven’t the authors of Pinch been sentenced?”

As we’ve always been on the front line in the fight against Pinch, and we tracked the history of Pinch very carefully indeed, of course we’re able to answer this question.

The people who created and spread Pinch were identified, and the surnames given in the media – Ermishkin and Farkhutdinov – belong to these people. A criminal case was raised, with the investigation being carried out throughout 2008. The fact that the investigation took so long reflects the complexity of the Pinch story. At the end of December 2008, a court case started at the Kalinskii regional court in the town of Chelyabinsk.

The two defendants, who went under the names of damrai and Scratch, were accused of creating Pinch, Pinch2Pro and Parser. damrai (Farkhutdinov) was the main developer, while Scratch (Ermishkin) was responsible for Parser. The two conducted their criminal activity between 2005 – 2007.

The defendants created a range of sites – pinch2pro.ru, pinch3.ru, pinch3.com and pinch3.net – in order to sell their creations.

damrai and Scratch admitted spreading dozens of modifications of Pinch, Pinch2Pro, Pinch3 and Parser between the start of 2005 and June 2007. In electronic payments they made around 20,000 roubles a month, amounting to a total of 600,000 roubles.

The defendants were sentenced on 29th December 2008. The court statement read as follows:

Farkhutdinov Damir (DOB 1986)(aka damrai) and Ermishkin Alexey (DOB 1985)(aka Scratch) have been found guilty in accordance with part 1, Article 273 of the Criminal Code of the Russian Federation and are sentenced as follows:

Farkhutdinov D. is sentenced to a prison term of 1 year 6 months and a fine of 30,000 roubles.

Ermishkin A. is sentenced to a prison term of 1 year and a fine of 20,000 roubles.

In accordance with Article 73 of the Criminal Code of the Russian Federation, the prison terms take the form of a 2 year conditional sentence for each defendant.

During sentencing, the court took into account the defendants’ admission of guilt, regret, help accorded to investigators, and the fact that the defendants gave themselves up.

The sentence came into force on 12th January 2009.

Crime and punishment

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox