Jailed worm author offered job by victim
$133K salary awaits Fujacks fiend
A Chinese virus writer sent to jail for four years earlier this week has been offered a well-paying job by one of his victims.
Li Jun, 25, played a central role in a malware-fueled scam that led to the infection of hundreds of thousands of Windows PCs across the country.
The Fujacks worm he created converted icons of infected programs into a picture of a panda burning joss sticks, while surreptitiously stealing the user names and passwords of online games players. The worm infected an estimated one million Windows PCs in China, the worst ever outbreak.
According to Chinese media reports, Li has been offered a job paying a million yuan ($133,000) a year as technology director with Jushu Technology, a Hangzhou City-based firm that was one of the victims of the worm.
Li's lawyers said Jushu is one of 10 firms who've offered jobs to the "precious genius".
Security watchers reacted with bewilderment to the news that a jailed virus writer has been offered a job by one of the organisations he succeeded in infecting. "It's important that the IT community does not send out a message that writing viruses or worms is cool, or a fast track into employment," said Graham Cluley, senior technology consultant for Sophos.
"Li Jun broke the law and infected innocent people's computers and websites, causing financial damage. To reward his criminal act, infamy and bad behavior with a job offer in the IT industry is frankly perverse.
"Virus writers have proven themselves to be untrustworthy and to have a weak sense of morals - otherwise they wouldn't release their malware in the first place," he adds.
Li is not the first virus writer to gain a job offer off the back of the infamy that comes from writing high-profile malware. Jan de Wit, author of the Anna Kournikova worm, should be offered work in his local council's IT department, the mayor of the town of Sneek suggested. Sven Jaschan, author of the prolific Netsky and Sasser worms, was hired by a German IT security firm. ®
So Cluley thinks being offered a job ready for you after spending four years in a Chinese chokey is fast-tracked employment.
One wonders what he would consider getting a job the hard way would be like.
Fuck the "Security Industry"
""It's important that the IT community does not send out a message that writing viruses or worms is cool, or a fast track into employment," said Graham Cluley"
Personally, I'd rather have someone on my security team that actually knows something practical about security issues than a whining former adventure game writer who gets his jollies getting into flame wars with teenage girls.
And, although it isn't in his specific case (boring twat that he is), it would certainly be hypocrisy for the majority of the self professed "Security Professionals" to make much noise, since all the decent ones started out on the dark side. l0pht, 8lgm and so on come to mind, and most of the rest are just moralising wankers who think running nmap and Nessus is the shiznit.
"I'm a white hat", "I'm a grey hat".
You're an ass hat.
Doing the wrong thing the right way
On several occasions I've been asked by an employer to - err - 'circumvent' is I suppose the nicest way to say it - protection on software.
I did so legally as the original copyright holder gave permission for such a - err 'modification' to their original
Simply put, a crack can very well be benign as the original source may well be lost so there is no alternate other than to break the product in order to fix it.
Whilst I agree with the consensus it should be pointed out that such skills are not always a bad thing - as long as they are used responsibly, not destructively