Malware Gangs Run Ads To Hire New Coders
An anonymous reader writes "Think crime doesn't pay? Think again: an increasingly common sight on underground cybercrime forums are ads paid for by malware writers who are looking to hire talented new programmers. The most common ads are for 'crypters' designed to disguise known malware, and 'Web injects,' plug-ins made to run alongside crime kits like ZeuS and SpyEye. Salaries range from $2,000 to $5,000 monthly, health benefits not included."
What are the requirements??? (Score:2)
I'd apply if I knew the requirements and experience??
Re:What are the requirements??? (Score:5, Interesting)
My wife has been accepted to Vet School in Ireland. Not only does that not allow me to live in Ireland with her, I'm also unable to work without 'sponsorship'. While I've had plenty of interest, as soon as I mention my inability to work without sponsorship, they drop me like a bad habit.
The time difference, distance, viable exchange rate along with other reasons all mean I don't want to continue working at my current job.
My citizenship status makes it very difficult to find a job in Dublin. There are very few legit jobs in the US that would want me in the given situation. I'm a decent developer, but I'm nothing special. I've worked as a consultant; but if you were going to bring in an expert contractor - I don't have the experience/skills. If you are going to bring in a 'pretty good dev', you'd get a local guy.
In my situation, options are limited. I don't have much exposure to malware/scammers/etc - so I don't know how much luck I'd have earning money with my own scams. It's also relatively unlikely that I'd be able to launch some great web startup that would fund my lifestyle. People have done it, but it's rare and they tend to be smarter, more skilled, and more dedicated than I am.
I have some savings, but once I can no longer show the ability to financially support myself; Ireland will kick me out. I still have months before it comes to that; but it very likely will happen in the next 6-9 months (I haven't moved there yet). As that deadline comes closer I'd be lying if I said I wouldn't *consider* slightly less than legal methods of earning money. I mean, even if I set up a website, printed some fliers and fixed local college kids' computers for $15 an hour, I'd be breaking the law.
Re: (Score:2, Flamebait)
I haven't been reading slashdot for that long, but I think this is one of the most honest posts I've ever read. Kudos, sir.
What "poor me, I've made some stupid decisions with my life such that I can only work illegally, therefore I wouldn't mind doing this illegal work"? Fuck off.
Re: (Score:3)
I'm a decent developer, but I'm nothing special.
I still have months before it comes to that;
As that deadline comes closer I'd be lying if I said I wouldn't *consider* slightly less than legal methods of earning money. I mean, even if I set up a website, printed some fliers and fixed local college kids' computers for $15 an hour, I'd be breaking the law.
Get a bank account, a Visa debit linked to it and look at the freelancing sites (elance.com and the like). 6-9 months may be long enough to bump your credit as a decent developer.
Re: (Score:2)
Thanks for the advice. I've been looking into a few of those sites and am planning on giving it a go. I've been doing a lot of desktop development in recent years so I'm currently brushing up on the web side of things to try and make myself more marketable.
Re: (Score:2)
Remote sysadmin option (Score:2)
The tricky thing is not doing the work but finding someone that will take you on in the first place. In the case above there was apparently not much local interest in the
Re: (Score:2)
That's certainly something to keep in mind. My first job after college was more of an administrator type role than a development role; but I'm afraid I'm a bit under-qualified. I've got two (mostly worthless) MCP exams for Windows Server Admin from years back.
Don't get me wrong, I think I'd be able to do a pretty good job, given the chance. But I think it'll be hard to get my foot in the door, so to speak. I haven't done it just yet, but I'll start to 'network' with some of my friends/ex-coworkers and see if an
Re: (Score:3)
Well, in Europe salaries do not fluctuate that much between toilet cleaner and C-level exec. And with our progressive tax system (I pay about 50% for tax, healthcare and whatever else mandatory "we don't even ask you whether you want to have it" insurances and state ordered "goodies" there are) the difference gets even lower. Even at my level, salaries don't really push the 100k annually too much.
It might surprise you, but I'm happy with it. Yes, my job would probably pay me at the very least twice the mone
Re: (Score:2)
Well, honestly, considering that minimum wage is 4.something per hour in some areas of the US (grossing about 8k a year) while C-levels rarely go home with less than 200k+ annually, I'd say a bracket of 14-85k isn't THAT outrageous. I'm a firm believer in different pay for different jobs and more money for more education (although I'd also be for more money for harder work, I've done bricklaying and hauling crap to get through college, and trust me, these people don't earn half of what they'd deserve!), so
Re: (Score:1)
I'm glad you're happy with the 'lower salary' right now - and I hope you're still happy with it as it gets lower (or stays the same as the cleaners get more), because most European countries consider themselves to have terrible wage disparity (no, we don't consider 'better than the US' as good enough) and are seeking to level the playing field.
That's not true at all. Just look at politicians' salaries.
I mean a normal low-level local politician is paid 116k euros for ... not turning up at any meeting (most of them don't bother showing up most of the time). A national politician easily makes 5 times that, a minister easily 10 times that (we're talking > 1 million annually, 2 cars *including* drivers, a budget that dwarfs their pay for travel, private jets, ...) and ... of course ... minister level and up is tax-free.
And that's not nearly the sam
Re: (Score:2, Insightful)
If you are willing to post on a public forum that is likely tied to your personal email, or additionally in this case; one which can be subpoenaed for your IP address, you do not meet the requirements.
Re: (Score:2)
Goodluck, he's behind sevan proxys.
Re:What are the requirements??? (Score:5, Funny)
I'd apply if I knew the requirements and experience??
A degree in Malware Engineering and 10 years experience with Stuxnet.
Re: (Score:2)
There needs to be a "+1 Brilliant Satire" mod for this comment. Well done.
Re: (Score:2)
If you're really good wouldn't you work for the people who CATCH those guys?
"health benefits not included"
Who wants health benefits--I'd want LEGAL benefits.
Re: (Score:3)
If you're really good wouldn't you work for the people who CATCH those guys?
Only 25% would. ;)
Re: (Score:2)
If you're really good wouldn't you work for the people who CATCH those guys?
Taking a wild guess, the money working in law enforcement is less.
Re: (Score:1)
Now there's a job with horrible pay. At least where I live. And you kinda have to mostly go after "copyright crime", not much time is spent going after malware authors.
(I mean the police department's cyber crime units)
Re: (Score:2)
Being an asshole is an implicit requirement.
And why would I trust them to actually pay? (Score:5, Insightful)
Re: (Score:2)
Re:And why would I trust them to actually pay?
By establishing who funds them.
Re: (Score:3)
Re:And why would I trust them to actually pay?
By establishing who funds them.
We're Crime, and Crime doesn't pay.
Re:And why would I trust them to actually pay? (Score:5, Funny)
nah, I think I saw it was BitCoins...
Re: (Score:1)
Do you think that cash is exempt from taxation?
Re: (Score:1)
In theory or in practice ?
Re: (Score:2)
Is the income taxable? I am assuming there is a chance that one would be paid in cash, if paid at all?
All income is taxable. Don't forget they got Al Capone for tax evasion.
Re:And why would I trust them to actually pay? (Score:4, Insightful)
To be honest, the bigger issue would be getting busted while they get off free. I doubt very much that they'd fail to pay the money that they promise for work. They're criminals, but that doesn't mean that they'd be dumb enough to short change the person writing their code.
Plus, what makes you think that cybercriminals are any less apt to violence than regular ones? If they're able to pay you, they're able to find you, and if they can find you then they could hire somebody to dispatch you if you so chose. Organized crime is organized crime, the internetiness of it all doesn't change that.
Re: (Score:3)
A malware coder is less likely than your average drone to agree to let Thuggy hand him a sack of cash in a back alley that corpses are regularly found in. He'd require payment in Bitcoins, or a wire transfer to an offshore account belonging to an off-the-shelf bank that bounces around a dozen more shell banks (which mysteriously go bankrupt the following day). Even if their employer is an FBI informant they're unlikely to get caught.
Re: (Score:1)
>with traditional crime I can just shoot people who double cross me.
you can always malware your malware.
Re: (Score:2)
It may surprise you, but creating malware is not a crime everywhere. Using it to infect computers may be, but technically they're just creating software for a company, so yes, they'd be very normal employees with the usual normal rights to go to court for their salary.
Honeypot? (Score:5, Interesting)
Honestly, if I was even considering writing malware, this would smell like a major sting operation.
The group recruiting for this service must expect that plenty of white hats and/or law enforcement would apply just to see who responds. It would be asinine.
This is one of those industries where I would expect recruitment to be a "don't call us, we'll call you" type of situation.
Re: (Score:3)
The group recruiting for this service must expect that plenty of white hats and/or law enforcement would apply just to see who responds. It would be asinine.
The problem isn't tracking down the people running these botnets, it is getting [random former soviet state] to give a shit and do something about it.
You can't even count on the fact that their country has a law on the books relevant to the 'crimes' they're committing.
Re: (Score:1)
This is one of those industries where I would expect recruitment to be a "don't call us, we'll call you" type of situation.
This is exactly how they do it, I have been approached in the past. For me, I spoke at a technical conference about an exploit. That evening I was invited to a hotel room for a party (by a rather attractive woman)... at the party I was shown a backpack of money, and asked if I needed some "side-jobs". I turned them down and found an excuse to leave the party shortly after. It all seemed rather Hollywood, but they are probably fairly effective with that recruiting style.
Re: (Score:3)
A big myth!
Asking whether one is a police officer, FBI agent, special investigator, etc is NO guarantee of anything.
Nor is them legally breaking the law - it's standard operating procedure for investigators in stings, such as during undercover drug operations and investigating massage parlors.
The authorities, which include all sorts of agencies, can, and often do, lie during the course of an investigation, as well as other times, such as during interrogation.
And yet, lying to the authorities is often a crim
A better political system (Score:2)
That is why anarchy is the best form of democracy. You have your own laws and turfs. No some bullshit feds and/or LE around you.
Re: (Score:2)
I think you misunderstood what he was saying.
If a cop walks up to you and says "Hey want a job writing malware that can steal credit card info?" that's entrapment. However, if a cop walks up and says "Hey you looking for a job?" and you respond "Fucking A I am. I want to write software that steals shit" it's not.
Re:Honeypot? (Score:5, Informative)
It's not (yet) illegal to write any kind of software you like, no matter what its purpose. What's illegal is how it's used and/or distributed.
If ever it became illegal to write software which exploits security vulnerabilities in software, there would be a whole community of white-hat researchers who'd be out of a job overnight.
Re: (Score:2)
It's not (yet) illegal to write any kind of software you like, no matter what its purpose. What's illegal is how it's used and/or distributed.
Sorry to disappoint you, but in Germany it is, although I do not know of any prosecution cases using this law.
Re: (Score:1)
Even ignoring that that was a ruling about a civil case, I don't see how the text you quoted supports your conclusion.
Re: (Score:2)
1: Reply to ad
2: Phone FBI/MI6/ETC
3: ???
4: Profit!!!
Seriously, that's how it works for once.
Re: (Score:2)
"Say your last prayers, comrade"
Yes, because the gangsters are going to be card-carrying Communists from the 1950s.
New plan (Score:3)
1) Put up ads to hire malware writers
2) Set wages low specifically to attract stupid kids
3) Convince kids to download your toolset to work off of while developing the malware
4) Toolset is a trojan, steal their parents' credit card
5) Profit
6) Get away with it every time, 'cause no kid is going to cop to trying to get a job working for hackers
Alternative explanation - it's entrapment by those 25% of hackers who work for the Feds.
Re: (Score:3)
Even in the US - 5k a month is good money. Without benefits it's not great; but I know entry level developers who make less. And, if you live outside of a big city, tech jobs tend to pay less anyway.
Re: (Score:2)
60k a year with no benefits is pretty bad. Add in the fact that it's a criminal enterprise, and it's insanely low. I'm no expert, but I would think that working for organized crime would pay better than entry-level wages to offset the whole "living in fear of a knock on the door" thing.
Also, note that $5k/mo is the high end. On the low end, you could make more as a waiter.
Re: (Score:2)
60k a year with no benefits is pretty bad.
It's pretty bad if you're paying taxes on it. I doubt that these employers will be filing W-2 forms, though.
Re: (Score:3)
Check out some of Sudhir Venkatesh's [amazon.com] stuff. He's done some close sociological work with gangs, and the results are quite surprising. The rank and file drug dealers on street corners would be better off at McDonalds: the pay is about the same, and you have a lot less chance of being shot. It's only a few of the serious kingpins who bring in a good income, and at that point you're working so hard keeping
Re: (Score:2)
60k a year with no benefits is pretty bad. Add in the fact that it's a criminal enterprise, and it's insanely low. I'm no expert, but I would think that working for organized crime would pay better than entry-level wages to offset the whole "living in fear of a knock on the door" thing.
Google for "why drugdealers live with their mom". Someone managed to get all kinds of sociological information about a major group of drug dealers. Results: 1. Their average death rate was higher than the average death rate for criminals on death row in Texas (1 in four per year vs. 1 in five per year). 2. One guy made $100,000. Three guys made $20,000 per year. Most made less than $10,000. 3. The guy conducting the study managed to get one of the dealers a job as janitor at the university. The guy was ecst
Re:New plan (Score:4, Interesting)
Actually - I've often wondered why we don't hear about more low tech cases of identity theft/credit card fraud. Maybe it's just so easy to do it with malware nobody cares.
Post real positions on Craigslist and others for legitimate sounding work. Be selective, post realistic requirements and pay, do a phone interview. I'd even explain that, 'Hey, since this is a work from home job/telecommute job - we're going to need your college transcripts'. That makes it seem more legit. Of course, a legit job needs your SSN. I've done real work from home (software development) and they need my SSN. It was a real company, and they paid me.
Not only would you get all of their SSN and personal info....the transcript would be worth a lot of money too. Yeah, you can open some credit cards and what not with the SSN; but have you seen how easy it is to get money for school these days? My wife barely makes over minimum wage and she was approved for SEVENTY THOUSAND DOLLARS for her first year of school. Stop and read that again. Now, granted, say half of that is tuition. That still leaves THIRTY FIVE THOUSAND DOLLARS. And it's pretty easy to get into a lot of graduate programs.....I'm doing my Master's right now and they didn't even need my GRE scores (they did require transcripts though). With relative ease and someone's information, I could apply on their behalf to a school, get accepted, get student loans, and get a LOT OF MONEY.
Maybe there is more about this I don't know; but it seems like it would work. In this economy, I'm sure you'd get a lot of bites from your job post; for a start date 2 months in the future. After you get the info you wait, and keep collecting it from others. At the end of the two months, you apologize to everyone and say the economic downturn has caused the project to be cancelled. You have the info but haven't done anything illegal yet. Repeat 4-5 times with different information.
Then, move, and start with the identity theft. Cha-ching. Do it in the order you collected the info; so by the time you open your first CC card, it's been 9-12 months before you got their info. They'd have a lot of trouble tracking you down. And, if the student loan thing worked out - oh man - that's a lot of money.
Just don't get caught.
Re: (Score:2)
Most colleges do require transcripts.
Most colleges also require that they be sent directly from the reporting school.
No (decent) college will accept a paper copy of transcripts that you hand them. It's just way too easy these days to creatively edit.
Regards.
Re: (Score:2)
Yes - but I'm saying with all of the information you've collected by pretending to be a fake employer and the copy of the transcript you had them give you; you could re-request the transcripts and whatever else you need.
Believe it or not, I actually had to do this yesterday.
I went to the old school's website and clicked the 'Request transcript link'. I needed to provide either my old student ID number or my SSN (if I were running this scam, I'd know the SSN to enter). I also needed my name and date of bir
What a relief (Score:2)
At those prices they are going to get crappy developers. To get a good developer who is willing to check his morals at the door, they would probably need to pay closer to ten times that.
Money is about right... (Score:3)
I suspect that most really skilled developers would pass simply because I don't generally see really the psychology matching up. The really good devs aren't in it for money (at least as the primary motivation), they enjoy building things and not destroying the systems of uninformed n00bs or stealing their credit card numb
Re: (Score:1)
Hmm, into cross dressing, hey?
Re: (Score:2)
Screw that - I'm a talented developer and I want all the money I can get, preferably while making something beautiful. You must have only met "born rich" developers.
Screw that - I'm a fucking psychopath and I want all the money I can get, preferably while making something beautiful. You must have only met "born rich" developers.
FTFY.
Re: (Score:2)
At those prices they are going to get crappy developers. To get a good developer who is willing to check his morals at the door, they would probably need to pay closer to ten times that.
Most people don't do crime because they know it's wrong, not because the pay's not that great.
Re:Vundo and friends (Score:5, Informative)
Doesn't delete the Start Menu shortcuts....it moves them into a hidden folder called smtemp in your user's Temp directory. They can be restored fairly easily if you haven't already blown away everything in that folder.
Some new variants are removing the registry key that shows the "Show Hidden Files and Folders" option from Folder Options. While re-importing the key is fairly trivial, you have to get rid of the malware first. Even better than that, they then associate any .exe file extensions with the Trojan Horse. If you remove the Trojan Horse, rundll32 asks what program you wish to launch program.exe with.
There is a really nice reg file that someone exported and threw on a website that addresses this issue and fixes the file association. Since reg files can be run without actually opening regedit, it will import if the file association is already jacked. This file is intended for XP, but will work with Vista and 7...it just throws an error that you can ignore.
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip [dougknox.com]
Fun and games. If you stop/remove the Trojan, run the command below from a command prompt with admin privs (for Vista and 7 users...XP runs the command as admin as long as you are a user with admin privs). If the malware is still running, you may still have some time to get some of your stuff moved off if you're worried about losing it or just want to restore the box.
attrib -h /S /D C:\*.*
The malware is cleanable and the OS is repairable, believe me....but it takes a lot of work and time to understand what the malware has already done and what changes need to be reversed.
Hope this helps someone!
Re: (Score:2)
attrib -h /S /D C:\*.*
A bit quicker -
cd c:\Users - Vista or Windows 7
or
cd c:\Documents and Settings - Windows XP
Then
attrib -h /S /D *
That way it doesn't parse through EVERYTHING (program files and the windows folders would be brutal)
Also the registry fix is basically navigate to
HKEY_CLASSES_ROOT\exefile\shell\open\command
Then change the command to be - "%1" %*
Take note of whatever was before the "%1" %* before since that's the malware. Generally you can delete the file manually in safe mode or from a knoppix boot disk (you want
Re:Vundo and friends (Score:4, Informative)
First off, it's foolish and counterproductive to try to remove malware by using the OS that's infected. Boot to a live CD (like BartPE so you can mount the registry) and at the very least disable it from startup. From there feel free to boot to the OS and repair the damage.
The start menu is indeed moved to the user's Temp folder. In detail:
smtemp\1 is the public start menu
smtemp\2 is the user's start menu
smtemp\3 is the public desktop (I think, I've only seen this folder once)
smtemp\4 is the user's desktop
It also disables the listing of recently used programs in the start menu and un-pins everything. It's easy to turn that back on.
The following is a terrible idea:
attrib -h
as it will unhide everything on the computer.
It's quite easy to instead just select all the profiles under \Users\, go to properties, uncheck hidden, and apply to all sub objects. Afterwards, go into each profile and rehide only the top folder of AppData and all of the files in the root of the profile (things like ntuser.dat). In XP there are a number of other folders under the profile that are hidden by default. Reference a known good computer to see which ones.
It may also set some group policies to disable the desktop, the task manager, and disable changing the wallpaper. Delete these.
The particular malware that does this does not alter
Another spot to look out for is IFEO debugger entries. Look under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Inside you will find keys of image names (like iexplore.exe). Under each key you may see a string value called Debugger. Its data will be set to the path of the malware that's infected the computer. If such a key exists, the 'debugger' will be launched whenever you try to execute the specified image.
That about sums it up for all of the 'modern' 'viruses'. Quite pathetic. The only reason these things work is because people are tricked into letting them through UAC. The new Mac infections function nearly identically. They require that the user enter their root password for them to install, and all they do is put themselves in the Mac's startup locations, so they're even easier to remove.
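The two registry checks described in the comments above (the `exefile` open command and the IFEO `Debugger` values), as an added example that is not part of the original thread: a Python script that audits a `.reg` export, such as one taken from the offline hive after booting a live CD. The function names and the sample export, including its `placeholder.exe` path, are constructed for illustration.

```python
import re

# Registry locations named in the comments above.
EXE_CMD_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")
EXPECTED_EXE_CMD = '"%1" %*'  # the clean value given in the thread

_SECTION = re.compile(r"^\[(?P<key>.+)\]$")
_VALUE = re.compile(
    r'^(?P<name>@|"(?:[^"\\]|\\.)*")="(?P<data>(?:[^"\\]|\\.)*)"$')

# Constructed sample export (not taken from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\victim\\AppData\\Local\\Temp\\placeholder.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\Users\\victim\\AppData\\Local\\Temp\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''


def _unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse plain string values from .reg text into {key: {name: data}}.

    Hex- and dword-encoded values are skipped; "" is the key's default value.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            current = keys.setdefault(m.group("key"), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = m.group("name")
            name = "" if name == "@" else _unescape(name[1:-1])
            current[name] = _unescape(m.group("data"))
    return keys


def audit(text):
    """Return (kind, where, data) findings for the two locations above."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        if k == EXE_CMD_KEY.lower():
            cmd = values.get("")
            if cmd != EXPECTED_EXE_CMD:
                # Anything in front of "%1" %* is what runs on every .exe launch.
                findings.append(("exe-association", key, cmd))
        elif k.startswith(IFEO_KEY.lower() + "\\"):
            for name, data in values.items():
                if name.lower() == "debugger":
                    # Legitimate tools also set Debugger values, so each hit
                    # is a lead to review, not proof of infection.
                    image = key.rsplit("\\", 1)[1]
                    findings.append(("ifeo-debugger", image, data))
    return findings


if __name__ == "__main__":
    # Real exports are UTF-16: open(path, encoding="utf-16").read()
    for kind, where, data in audit(SAMPLE):
        print(f"{kind}: {where} -> {data}")
```
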
Re: (Score:3)
, what kind of prison will they go to?
Depending on the skills, they may end in Siberia, in a highly comfortable cell with broadband optical fiber, doing same work for another (state) employer and possibly without pay.
Re: (Score:2)
But with more fringe benefits. Free food, free board, free exercise, free funeral...
hmmmm (Score:1)
It's not a matter of cannot but will not. (Score:2)
I know many dozens of coders that are more than capable of writing malware. However I don't know any of them that cherish the idea of being a prison bitch. If it were not for that tiny fact there would be mayhem in the intertubes.
Re: (Score:2)
I know many dozens of coders that are more than capable of writing malware. However I don't know any of them that cherish the idea of being a prison bitch. If it were not for that tiny fact there would be mayhem in the intertubes.
So fear of punishment is all that stops most coders from being criminal arseholes?
Depressing.
Malware is easy... (Score:1)
Meh (Score:2)
Re: (Score:2)
$2000-5000 per month? Hell, I make that doing my legitimate job (and I get full benefits + stock options). Not worth the risk of potentially going to prison.
Yes, but a lot of clever teenagers in Eastern Europe don't earn $60K a year, hard as that may be to believe.
Re: (Score:2)
There's always a next generation of people who think it'll be profitable that you can sell access to.