
Malware Gangs Run Ads To Hire New Coders

Posted by Soulskill
from the taking-advantage-of-the-poor-job-market dept.
An anonymous reader writes "Think crime doesn't pay? Think again: an increasingly common sight on underground cybercrime forums are ads paid for by malware writers who are looking to hire talented new programmers. The most common ads are for 'crypters' designed to disguise known malware, and 'Web injects,' plug-ins made to run alongside crime kits like ZeuS and SpyEye. Salaries range from $2,000 to $5,000 monthly, health benefits not included."
  • I'd apply if I knew the requirements and experience??

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If you are willing to post on a public forum that is likely tied to your personal email, or additionally in this case; one which can be subpoenaed for your IP address, you do not meet the requirements.

    • by Black Parrot (19622) on Tuesday June 07, 2011 @09:15PM (#36370234)

      I'd apply if I knew the requirements and experience??

      A degree in Malware Engineering and 10 years experience with Stuxnet.

      • by rk (6314)

        There needs to be a "+1 Brilliant Satire" mod for this comment. Well done.

    • If you're really good wouldn't you work for the people who CATCH those guys?

      "health benefits not included"
      Who wants health benefits--I'd want LEGAL benefits.

      • by formfeed (703859)

        If you're really good wouldn't you work for the people who CATCH those guys?

        Only 25% would. ;)

      • by tehcyder (746570)

        If you're really good wouldn't you work for the people who CATCH those guys?

        Taking a wild guess, the money working in law enforcement is less.

      • Now there's a job with horrible pay. At least where I live. And you kinda have to mostly go after "copyright crime", not much time is spent going after malware authors.

        (I mean the police department's cyber crime units)

    • by kikito (971480)

      Being an asshole is an implicit requirement.

    • by yarnosh (2055818)
      Experience with Virus Creation Lab is a must. They still use that, right?
  • by Kenja (541830) on Tuesday June 07, 2011 @07:48PM (#36369590)
    I mean, the cut in salary aside, why would I trust them to not bounce my pay check and then go "hire" someone else after taking the code I wrote? It's not like they come across as all that trustworthy and I'd be in no position to pursue legal action as I was hired to do something illegal. At least with traditional crime I can just shoot people who double cross me.
    • Is the income taxable? I am assuming there is a chance that one would be paid in cash, if paid at all?
    • by hedwards (940851) on Tuesday June 07, 2011 @08:02PM (#36369738)

      To be honest, the bigger issue would be getting busted while they get off free. I doubt very much that they'd fail to pay the money that they promise for work. They're criminals, but that doesn't mean that they'd be dumb enough to short change the person writing their code.

      Plus, what makes you think that cybercriminals are any less apt to violence than regular ones? If they're able to pay you, they're able to find you, and if they can find you then they could hire somebody to dispatch you if you so chose. Organized crime is organized crime, the internetiness of it all doesn't change that.

      • by mentil (1748130)

        A malware coder is less likely than your average drone to agree to let Thuggy hand him a sack of cash in a back alley that corpses are regularly found in. He'd require payment in Bitcoins, or a wire transfer to an offshore account belonging to an off-the-shelf bank that bounces around a dozen more shell banks (which mysteriously go bankrupt the following day). Even if their employer is an FBI informant they're unlikely to get caught.

    • by Anonymous Coward

      >with traditional crime I can just shoot people who double cross me.
      you can always malware your malware.

    • It may surprise you, but creating malware is not a crime everywhere. Using it to infect computers may be, but technically they're just creating software for a company, so yes, they'd be very normal employees with the usual normal rights to go to court for their salary.

  • Honeypot? (Score:5, Interesting)

    by NiteMair (309303) on Tuesday June 07, 2011 @07:56PM (#36369684)

    Honestly, if I was even considering writing malware, this would smell like a major sting operation.

    The group recruiting for this service must expect that plenty of white hats and/or law enforcement would apply just to see who responds. It would be asinine.

    This is one of those industries where I would expect recruitment to be a "don't call us, we'll call you" type of situation.

    • by TubeSteak (669689)

      The group recruiting for this service must expect that plenty of white hats and/or law enforcement would apply just to see who responds. It would be asinine.

      The problem isn't tracking down the people running these botnets, it is getting [random former soviet state] to give a shit and do something about it.
      You can't even count on the fact that their country has a law on the books relevant to the 'crimes' they're committing.

    • by Anonymous Coward

      This is one of those industries where I would expect recruitment to be a "don't call us, we'll call you" type of situation.

      This is exactly how they do it, I have been approached in the past. For me, I spoke at a technical conference about an exploit. That evening I was invited to a hotel room for a party (by a rather attractive woman)... at the party I was shown a backpack of money, and asked if I needed some "side-jobs". I turned them down and found an excuse to leave the party shortly after. It all seemed rather Hollywood, but they are probably fairly effective with that recruiting style.

    • by Davidcan (2243124)
      OH~~~NO! Maybe it's so bad!
    • Re:Honeypot? (Score:5, Informative)

      by Eil (82413) on Tuesday June 07, 2011 @09:58PM (#36370446) Homepage Journal

      Honestly, if I was even considering writing malware, this would smell like a major sting operation.

      It's not (yet) illegal to write any kind of software you like, no matter what its purpose. What's illegal is how it's used and/or distributed.

      If ever it became illegal to write software which exploits security vulnerabilities in software, there would be a whole community of white-hat researchers who'd be out of a job overnight.

      • by data2 (1382587)

        It's not (yet) illegal to write any kind of software you like, no matter what its purpose. What's illegal is how it's used and/or distributed.

        Sorry to disappoint you, but in Germany it is, although I do not know of any prosecution cases using this law.

    • Absolutely - sorry about this, but for once it's apt...

      1: Reply to ad
      2: Phone FBI/MI6/ETC
      3: ???
      4: Profit!!!

      Seriously, that's how it works for once.
  • by artor3 (1344997) on Tuesday June 07, 2011 @07:58PM (#36369706)

    1) Put up ads to hire malware writers
    2) Set wages low specifically to attract stupid kids
    3) Convince kids to download your toolset to work off of while developing the malware
    4) Toolset is a trojan, steal their parents credit card
    5) Profit
    6) Get away with it every time, 'cause no kid is going to cop to trying to get a job working for hackers

    Alternative explanation - it's entrapment by those 25% of hackers who work for the Feds.

    • Re:New plan (Score:4, Interesting)

      by RobDude (1123541) on Tuesday June 07, 2011 @09:53PM (#36370410) Homepage

      Actually - I've often wondered why we don't hear about more low tech cases of identity theft/credit card fraud. Maybe it's just so easy to do it with malware nobody cares.

      Post real positions on Craigslist and others for legitimate sounding work. Be selective, post realistic requirements and pay, do a phone interview. I'd even explain that, 'Hey, since this is a work from home job/telecommute job - we're going to need your college transcripts'. That makes it seem more legit. Of course, a legit job needs your SSN. I've done real work from home (software development) and they need my SSN. It was a real company, and they paid me.

      Not only would you get all of their SSN and personal info....the transcript would be worth a lot of money too. Yeah, you can open some credit cards and what not with the SSN; but have you seen how easy it is to get money for school these days? My wife barely makes over minimum wage and she was approved for SEVENTY THOUSAND DOLLARS for her first year of school. Stop and read that again. Now, granted, say half of that is tuition. That still leaves THIRTY FIVE THOUSAND DOLLARS. And it's pretty easy to get into a lot of graduate programs.....I'm doing my Master's right now and they didn't even need my GRE scores (they did require transcripts though). With relative ease and someone's information, I could apply on their behalf to a school, get accepted, get student loans, and get a LOT OF MONEY.

      Maybe there is more about this I don't know; but it seems like it would work. In this economy, I'm sure you'd get a lot of bites from your job post; for a start date 2 months in the future. After you get the info you wait, and keep collecting it from others. At the end of the two months, you apologize to everyone and say the economic downturn has caused the project to be cancelled. You have the info but haven't done anything illegal yet. Repeat 4-5 times with different information.

      Then, move, and start with the identity theft. Cha-ching. Do it in the order you collected the info; so by the time you open your first CC card, it's been 9-12 months before you got their info. They'd have a lot of trouble tracking you down. And, if the student loan thing worked out - oh man - that's a lot of money.

      Just don't get caught.

      • by jvkjvk (102057)

        Most colleges do require transcripts.

        Most colleges also require that they be sent directly from the reporting school.

        No (decent) college will accept a paper copy of transcripts that you hand them. It's just way too easy these days to creatively edit.

        Regards.

        • by RobDude (1123541)

          Yes - but I'm saying with all of the information you've collected by pretending to be a fake employer and the copy of the transcript you had them give you; you could re-request the transcripts and whatever else you need.

          Believe it or not, I actually had to do this yesterday.

          I went to the old school's website and clicked the 'Request transcript link'. I needed to provide either my old student ID number or my SSN (if I were running this scam, I'd know the SSN to enter). I also needed my name and date of bir

      • by tehcyder (746570)
        You seem to have thought this out worryingly well.
  • At those prices they are going to get crappy developers. To get a good developer who is willing to check his morals at the door, they would probably need to pay closer to ten times that.

    • At those prices they are going to get crappy developers. To get a good developer who is willing to check his morals at the door, they would probably need to pay closer to ten times that.

      I suspect that most really skilled developers would pass simply because I don't generally see really the psychology matching up. The really good devs aren't in it for money (at least as the primary motivation), they enjoy building things and not destroying the systems of uninformed n00bs or stealing their credit card numb
      • by BriggsBU (1138021)
        I prefer femaleware myself.
        • by Anonymous Coward

          Hmm, into cross dressing, hey?

    • by tehcyder (746570)

      At those prices they are going to get crappy developers. To get a good developer who is willing to check his morals at the door, they would probably need to pay closer to ten times that.

      Most people don't do crime because they know it's wrong, not because the pay's not that great.

  • Recently, I've run into a nasty form of Vundo alongside FakeAVs. When attempting to kill processes manually with Process Explorer, it will trip a behavior in that the virus will hide all folders and files, and actively delete Start Menu shortcut files from the All Users group. Not to mention disabling Task Manager and other items via registry added GPOs. Basically, a final "Fuck you. If I can't have control of this PC, neither can you"

    As an FYI, I've even mounted one of these drives via Windows BartPE boot

    • Re:Vundo and friends (Score:5, Informative)

      by iMouse (963104) on Tuesday June 07, 2011 @09:49PM (#36370394)

      Doesn't delete the Start Menu shortcuts....it moves them into a hidden folder called smtemp in your user's Temp directory. They can be restored fairly easily if you haven't already blown away everything in that folder.

      Some new variants are removing the registry key that shows the "Show Hidden Files and Folders" option from Folder Options. While re-importing the key is fairly trivial, you have to get rid of the malware first. Even better than that, they then associate any .exe file extensions with the Trojan Horse. If you remove the Trojan Horse, rundll32 asks what program you wish to launch program.exe with.

      There is a really nice reg file that someone exported and threw on a website that addresses this issue and fixes the file association. Since reg files can be run without actually opening regedit, it will import if the file association is already jacked. This file is intended for XP, but will work with Vista and 7...it just throws an error that you can ignore.

      http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip [dougknox.com]

      Fun and games. If you stop/remove the Trojan, run the command below from a command prompt with admin privs (for Vista and 7 users...XP runs the command as admin as long as you are a user with admin privs). If the malware is still running, you may still have some time to get some of your stuff moved off if you're worried about losing it or just want to restore the box.

      attrib -h /S /D C:\*.*

      The malware is cleanable and the OS is repairable, believe me....but it takes a lot of work and time to understand what the malware has already done and what changes need to be reversed.

      Hope this helps someone!

      • Saw this one today for the first time. Godder figgered out pretty easy but thanks for dougknox link - that helps my income to $2500 pm!!
      • by Zakabog (603757)

        attrib -h /S /D C:\*.*

        A bit quicker -

        cd c:\Users - Vista or Windows 7

        or

        cd c:\Documents and Settings - Windows XP

        Then

        attrib -h /S /D *

        That way it doesn't parse through EVERYTHING (program files and the windows folders would be brutal)

        Also the registry fix is basically navigate to

        HKEY_CLASSES_ROOT\exefile\shell\open\command

        Then change the command to be - "%1" %*

        Take note of whatever was before the "%1" %* before since that's the malware. Generally you can delete the file manually in safe mode or from a knoppix boot disk (you want

      • Re:Vundo and friends (Score:4, Informative)

        by Hitokiri Battousai (702935) on Wednesday June 08, 2011 @01:16AM (#36371556)
        I deal with this type of malware for a living. Once you know what it does it's quite quick to clean up a system.

        First off, it's foolish and counterproductive to try to remove malware by using the OS that's infected. Boot to a live CD (like BartPE so you can mount the registry) and at the very least disable it from startup. From there feel free to boot to the OS and repair the damage.

        The start menu is indeed moved to the user's Temp folder. In detail:
        smtemp\1 is the public start menu
        smtemp\2 is the user's start menu
        smtemp\3 is the public desktop (I think, I've only seen this folder once)
        smtemp\4 is the user's desktop
        It also disables the listing of recently used programs in the start menu and un-pins everything. It's easy to turn that back on.

        The following is a terrible idea:
        attrib -h /S /D C:\*.*
        as it will unhide everything on the computer.

        It's quite easy to instead just select all the profiles under \Users\, go to properties, uncheck hidden, and apply to all sub objects. Afterwards, go into each profile and rehide only the top folder of AppData and all of the files in the root of the profile (things like ntuser.dat). In XP there are a number of other folders under the profile that are hidden by default. Reference a known good computer to see which ones.

        It may also set some group policies to disable the desktop, the task manager, and disable changing the wallpaper. Delete these.

        The particular malware that does this does not alter .exe associations, but if you need to fix those, there is a far more reliable free tool from Kaspersky called AVZ. The option is under File -> System Recovery. (Tip: you can rename avz.exe to something like avz.com so you can run it. Or manually fix the association for .exe and let the tool fix the rest.)

        Another spot to look out for is IFEO debugger entries. Look under:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

        Inside you will find keys of image names (like iexplore.exe). Under each key you may see a string value called Debugger. Its data will be set to the path of the malware that's infected the computer. If such a key exists, the 'debugger' will be launched whenever you try to execute the specified image.

        That about sums it up for all of the 'modern' 'viruses'. Quite pathetic. The only reason these things work is because people are tricked into letting them through UAC. The new Mac infections function nearly identically. They require that the user enter their root password for them to install, and all they do is put themselves in the Mac's startup locations, so they're even easier to remove.
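The two registry checks described in the comments above (the `exefile` open command and the IFEO `Debugger` values), as an added example that is not part of the original thread. It audits the decoded text of a `.reg` export; the function names and the sample export are constructed for illustration, and it assumes the key paths appear as they would on the live system.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
EXE_CMD = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
CLEAN_EXE_CMD = '"%1" %*'   # the expected default value quoted in the thread

# A REG_SZ line in a .reg export: "Name"="data" or @="data" (default value).
_STR_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _STR_VALUE.match(line)
        if key and m:   # dword:/hex: values do not match and are skipped
            name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            yield key, name, _unescape(m.group(2))


def audit(text):
    """Return findings that need review before the box is trusted again."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.startswith(IFEO.lower() + "\\") and name.lower() == "debugger":
            # Any Debugger value is reported; some admin tools set one too.
            findings.append(("ifeo-debugger", key[len(IFEO) + 1:], data))
        elif k == EXE_CMD.lower() and name == "" and data != CLEAN_EXE_CMD:
            findings.append(("exefile-hijack", "exefile", data))
    return findings


# Constructed sample export (placeholder path, not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Users\\Public\\example-placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Public\\example-placeholder.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for kind, target, data in audit(SAMPLE):
        print(f"{kind:15} {target:15} {data}")
```

Real exports are usually UTF-16, so decode the file first, for example `open(path, encoding="utf-16").read()`.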
  • by Nihn (1863500)
    no health care, yea, that's a deal breaker for me....well, that and the fact I can't code to save my own life.....
  • I know many dozens of coders that are more than capable of writing malware. However I don't know any of them that cherish the idea of being a prison bitch. If it were not for that tiny fact there would be mayhem in the intertubes.

    • by tehcyder (746570)

      I know many dozens of coders that are more than capable of writing malware. However I don't know any of them that cherish the idea of being a prison bitch. If it were not for that tiny fact there would be mayhem in the intertubes.

      So fear of punishment is all that stops most coders from being criminal arseholes?
      Depressing.

  • it's the bonware that's hard
  • $2000-5000 per month? Hell, I make that doing my legitimate job (and I get full benefits + stock options). Not worth the risk of potentially going to prison.
    • by tehcyder (746570)

      $2000-5000 per month? Hell, I make that doing my legitimate job (and I get full benefits + stock options). Not worth the risk of potentially going to prison.

      Yes, but a lot of clever teenagers in Eastern Europe don't earn $60K a year, hard as that may be to believe.
