Malware Gangs Run Ads To Hire New Coders
An anonymous reader writes "Think crime doesn't pay? Think again: an increasingly common sight on underground cybercrime forums are ads paid for by malware writers who are looking to hire talented new programmers. The most common ads are for 'crypters' designed to disguise known malware, and 'Web injects,' plug-ins made to run alongside crime kits like ZeuS and SpyEye. Salaries range from $2,000 to $5,000 monthly, health benefits not included."
Honestly, if I was even considering writing malware, this would smell like a major sting operation.
The group recruiting for this service must expect that plenty of white hats and/or law enforcement would apply just to see who responds. It would be asinine.
This is one of those industries where I would expect recruitment to be a "don't call us, we'll call you" type of situation.
My wife has been accepted to Vet School in Ireland. Not only does that not allow me to live in Ireland with her, I'm also unable to work without 'sponsorship'. While I've had plenty of interest, as soon as I mention my inability to work without sponsorship, they drop me like a bad habit.
The time difference, distance, viable exchange rate along with other reasons all mean I don't want to continue working at my current job.
My citizenship status makes it very difficult to find a job in Dublin. There are very few legit jobs in the US that would want me in the given situation. I'm a decent developer, but I'm nothing special. I've worked as a consultant; but if you were going to bring in an expert contractor - I don't have the experience/skills. If you are going to bring in a 'pretty good dev', you'd get a local guy.
In my situation, options are limited. I don't have much exposure to malware/scammers/etc - so I don't know how much luck I'd have earning money with my own scams. It's also relatively unlikely that I'd be able to launch some great web startup that would fund my lifestyle. People have done it, but it's rare and they tend to be smarter, more skilled, and more dedicated than I am.
I have some savings, but once I can no longer show the ability to financially support myself, Ireland will kick me out. I still have months before it comes to that, but it very likely will happen in the next 6-9 months (I haven't moved there yet). As that deadline comes closer I'd be lying if I said I wouldn't *consider* slightly less than legal methods of earning money. I mean, even if I set up a website, printed some fliers and fixed local college kids' computers for $15 an hour, I'd be breaking the law.
Doesn't delete the Start Menu shortcuts....it moves them into a hidden folder called smtemp in your user's Temp directory. They can be restored fairly easily if you haven't already blown away everything in that folder.
Some new variants are removing the registry key that shows the "Show Hidden Files and Folders" option from Folder Options. While re-importing the key is fairly trivial, you have to get rid of the malware first. Even better than that, they then associate any .exe file extensions with the Trojan Horse. If you remove the Trojan Horse, rundll32 asks what program you wish to launch program.exe with.
There is a really nice reg file that someone exported and threw on a website that addresses this issue and fixes the file association. Since reg files can be run without actually opening regedit, it will import if the file association is already jacked. This file is intended for XP, but will work with Vista and 7...it just throws an error that you can ignore.
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
Fun and games. If you stop/remove the Trojan, run the command below from a command prompt with admin privs (for Vista and 7 users...XP runs the command as admin as long as you are a user with admin privs). If the malware is still running, you may still have some time to get some of your stuff moved off if you're worried about losing it or just want to restore the box.
attrib -h /S /D C:\*.*
The malware is cleanable and the OS is repairable, believe me....but it takes a lot of work and time to understand what the malware has already done and what changes need to be reversed.
Hope this helps someone!
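Added example, not part of the comment above and not taken from the linked reg file: a short Python check that reads the text of a `reg export` and reports whether the .exe file association differs from the stock Windows values, which is the change the comment describes. The function names, the sample export, and the path and ProgID inside it are constructed for illustration.

```python
import re
# Stock Windows defaults for launching .exe files.
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}
# Per-user keys override HKEY_CLASSES_ROOT, so any default value here is suspect.
PER_USER = (r"hkey_current_user\software\classes\.exe",
            r"hkey_current_user\software\classes\exefile")
DEFAULT_RE = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')

def parse_defaults(reg_text):
    """Map each lower-cased key to its unescaped (Default) string from .reg text."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := DEFAULT_RE.match(line)):
            defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults

def audit_exe_association(reg_text):
    """Return a list of findings; an empty list means the association looks stock."""
    defaults = parse_defaults(reg_text)
    findings = []
    for key, expected in EXPECTED.items():
        if key in defaults and defaults[key] != expected:
            findings.append(f"{key}: {defaults[key]!r}, expected {expected!r}")
    for key, data in defaults.items():
        if key.startswith(PER_USER):
            findings.append(f"per-user override {key}: {data!r}")
    return findings

# Constructed sample export (placeholder ProgID and path, not from a real infection).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholder_progid"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\placeholder\\AppData\\Local\\placeholder.exe\" -a \"%1\" %*"
'''
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit_exe_association`.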