- Published: 08 June 2011
- Written by NStinchcombe
A blog posting by renowned security researcher Brian Krebs - warning that the elite of the coding world are being lured by carefully-worded job adverts - has been confirmed by Idappcom, which has been tracking this worrying trend for more than six months.
According to Ray Bryant, Idappcom's chief executive officer, Krebs' assertion that the employment outlook for criminally-inclined programmers has never been so bright is spot on, but Bryant warns that the lines between white and black hat coding are more blurred than most industry professionals might realise.
"As I said last November (http://bit.ly/mozR4A) when vendors started offering lucrative cash-for-bugs bounty schemes, there is a danger that a bidding war may develop - with cybercriminal gangs paying more than the software houses for the best bugs – since the criminals are the ones with the money," he said.
"Since then, a number of other security vendors have realised this trend, and now Brian Krebs has confirmed the fact - which is fairly obvious when you think about it, as the cybercriminal organisations don't have to pay taxes as legitimate companies do. This is what gives them the financial edge in luring the elite coders," he added.
According to the CEO of the security vulnerability and testing specialist, with malware coding now being allied with spear phishing and other advanced credential-stealing attack vectors, there is a danger that the cream of the coding industry may be attracted by 'job adverts' offering even bigger money.
The big question, says Bryant, is whether the clever techniques used to lure advanced coders into responding to what appear to be lucrative work-from-home job adverts will pay off in the longer term.
The problem facing the cybercriminals, he explained, is that once the coding job applicant has reached the stage of talking to their potential employer - either face-to-face or, more likely, via a webcam interview - the employer will eventually have to reveal what the job entails.
Having said that, Bryant went on to say, with the economy being in the state it is in, there will be a sizeable minority of coders who will just shrug their shoulders and sign up to the cybercriminal gang's programming operations, reasoning that their chances of getting caught are minimal and that the rewards are excellent.
"And they would be correct on both counts. Cybercriminal coders are a highly valued part of the black hat virtual corporation operations. They are so far divorced from the sharp end of the frauds, that they rarely appear on prosecutor's radar," he said.
"Our observations suggest that, until the coders-for-hire behind a cybercriminal operation like Zeus or SpyEye are brought to justice, then the brain drain on the programming front between the legitimate software business and the black hat world will continue," he added.
"As Brian Krebs reports, with black hat coders being offered as much as $5,000 a month to code up injects to Zeus and SpyEye, it's difficult to argue against the financial lures that cybercriminals now offer."
For more on the cybercriminal financial lures being offered to coders: http://bit.ly/klyDCX
About Idappcom
Idappcom Ltd. are a private UK registered company and were founded in 2004. Our objectives are to provide excellence in the field of IT security and application security and management. Our main product, Traffic IQ, is a vulnerability assessment tool and has wide acceptance with security professionals throughout the world. Clients include major security appliance vendors, independent appliance testers, military establishments, telecoms companies and various others across a broad range of industries.
For more on Idappcom: www.idappcom.com
Press Contact:
Regine Hartmann
44 207 183 2834