The people who brought the world malicious software that steals credit card numbers from your personal computer and empties bank ATMs of their cash are hiring, and they're advertising online.
Two companies that are hiring – at least on a contractor basis – advertise online, said Kevin Stevens, a threat intelligence analyst for SecureWorks, who presented findings on the organizations at the Black Hat cybersecurity conference outside Washington on Monday. What they are seeking is people who are willing to take malicious code they provide and link it to something that people will click on – like a picture of Britney Spears getting out of her car.
These people then collect a fee for each 1,000 times that the malware is downloaded. One site, for example, pays $180 for each 1,000 times that malware is downloaded onto a U.S. computer but less for computers elsewhere. It refuses to pay for any downloads to Russian computers, causing Stevens and others to strongly suspect that it, like other similar sites, are based in Russia. “We pay your wages via the following systems: Fethard, WebMoney, Wire, e-gold, Western Union (WU), MoneyGram, Anelik and ePassporte, and PayPal,” the site said.
Stevens said it was impossible to know how many computers were infected via these companies but put the number in the millions. Security professionals in the audience for Stevens' presentation laughed at times, most likely at how blatant the web sites were. It's hard to separate theft arising from these web sites from other sorts of Internet crime but the FBI tallied $264 million in losses from Internet crime reported by individuals in 2008. The report for 2009 has yet to be released. The cybercrime problem has become worse over the past three years as consumers and companies alike increasingly expose valuable data such as business plans, credit card numbers, banking information and Social Security numbers on the Internet. “There are hundreds of billions of dollars that traverse the Internet,” Shawn Henry, assistant director for the Federal Bureau of Investigation's Cyber Division, told Reuters late last year. “It's (the problem) absolutely gotten bigger, yes, absolutely.”