Tuesday, February 2, 2010
Cyberthieves are hiring, using online ads
Two companies that are hiring -- at least on a contractor basis -- advertise online, said Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organizations at the Black Hat cybersecurity conference outside Washington on Monday.
What they are seeking is people who are willing to take malicious code they provide and link it to something that people will click on -- like a picture of Britney Spears getting out of her car. These people then collect a fee for each 1,000 times that the malware is downloaded.
One site, for example, pays $180 for each 1,000 times that malware is downloaded onto a U.S. computer but less for computers elsewhere. It refuses to pay for any downloads to Russian computers, causing Stevens and others to strongly suspect that it, like other similar sites, are based in Russia.
"We pay your wages via the following systems: Fethard, WebMoney, Wire, e-gold, Western Union (WU), MoneyGram, Anelik and ePassporte, and PayPal," the site said.
Stevens said it was impossible to know how many computers were infected via these companies but put the number in the millions.
Security professionals in the audience for Stevens' presentation laughed at times, most likely at how blatant the web sites were. reuters