Cocky malware firms post job ads online

 

Gallery

By Reuters and Barry Collins

Posted on 3 Feb 2010 at 08:18

Arrogant malware writers are posting job vacancies online in a bid to attract new recruits, according to a leading security company.

Two companies that are hiring - at least on a contractor basis - advertise online, claims Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organisations at the Black Hat cybersecurity conference outside Washington.

What they are seeking is people who are willing to take malicious code they provide and link it to something that people will click on - such as a picture of Britney Spears getting out of her car. These people then collect a fee for each 1,000 times that the malware is downloaded.

One site, for example, pays $180 for each 1,000 times that malware is downloaded onto a US computer but less for PCs elsewhere. It refuses to pay for any downloads to Russian PCs, causing Stevens and others to strongly suspect that it, like other similar sites, is based in Russia.

"We pay your wages via the following systems: Fethard, WebMoney, Wire, e-gold, Western Union (WU), MoneyGram, Anelik and ePassporte, and PayPal," the site states.

Stevens says it's impossible to tell how many computers were infected via these companies but put the number in the millions.

It's hard to separate theft arising from these websites from other sorts of internet crime but the FBI tallied $264 million in losses from internet crime reported by individuals in 2008. The report for 2009 has yet to be released.

The cybercrime problem has become worse over the past three years as consumers and companies alike increasingly expose valuable data such as credit card numbers and banking information on the internet.