Looking for code work? Write fake anti-virus scripts
Scammer job ads move mainstream
Updated A scareware purveyor has brazenly advertised for recruits on a mainstream job market website.
A job ad on Freelancer.com offers work for a coder prepared to turn his hand to the creation of fake anti-virus website redirection scripts. However, prospective applicants are warned not to expect a big payday - the budget for the whole project is between $30 and $250.
On the plus side the prospective employer, redlinecl, has 100 per cent positive feedback from previous coding lackeys. One said: "Nice buyer, hope can work for him again in the future."
Of course when the job involves tricking the unsuspecting into visiting scareware portals in order to flog software of little or no utility it's probably wise to take these glowing reviews with a pinch of salt.
The ad, posted on Monday (screenshot here), was spotted by security researcher Patrik Runald of Websense, who notes that the same chap was previously involved in fake PayPal pages, spam campaigns and other forms of malfeasance.
Runald described the ad campaign as an amateurish wannabe cyber criminal, based not least on his previous postings. "This guy seem to have no clue what he's doing," Runald told El Reg. "The Fake AV [anti-virus] business is based on affiliates which means that the company providing the software has people doing the fake AV scanning pages as well."
Adverts on Freelancer.com are largely legitimate but sometimes cross over the line into more questionable enterprises.
"Freelancer.com typically has jobs for creating websites, logos, writing help etc but there are lots of shadier once too, like making a voting bot," Runald explained.
The market for scareware is booming. Shysters involved in the business are increasingly adopting the business structures of mainstream security firms - even to the point of running call centres designed to persuade people not to try to apply for refunds, and recruitment programs.
redlinecl's project is on a much smaller scale than some of the Ukranian and Russian operations we've heard of, but it does illustrate the increased openness of those involved in the trade, who seem to feel little need to be discreet about their activities. ®
i recently had to expose a family friend as i caught her working on fake porn sites designed to siphon off credit card numbers via my family home's 'net connection. needless to say, she's not a friend any more; it wasn't pleasant to do but i won't have my family put at risk by scum like that.
as for the wider world, anyone taking on this kind of employment is actively working toward the death of freedom on the internet. don't do it - you are shitting on your own doorstep.
Not surprised at all.
These coding contract sites provide a high percentage of the spammers on Yahoo! Answers, where I run a spam destruction group. An estimated 5% of all answers posted are spam, about 10,000 posts a day, impossible to filter because of their varied (and constantly changing) content.
Freelancer.com is the first site I check every few weeks, looking for job offers for spammers. They are described as on-line data entry, and some go into a lot of detail how the accounts are to be set up and used, in order to avoid looking like spam. But they want hundreds of posts of their links.
This "work" pays from 2c to 10c per post, counting only those that survive being filtered or reported off the site. The smarter contractors use bots (which are also advertised, either for sale, or as contracts for writing them). The poorer ones, in the third world, do it in family teams, all by hand.
Requests to rewrite articles in different ways, or to provide lists of synonyms (to be used for varying a given text) would also be from spammers, hoping to avoid being caught it there is a filter for commonly used phrases. This way they also hope to make their spam look like genuine replies. (The best spam fighting tool is an experienced person with a good eye; what they see in a single post to ID it as spam is virtually impossible to teach to a software program).
Knowing what contracts are being offered sometimes tells us what to look out for. Concentrated campaigns to remove them all at once reduces the spammers' incomes enough to make them give up. The really successful long-term ones appear to be wages employees, who are not deterred by most of their content being immediately removed. They are mostly for phishing sites that make enough to keep people on the payroll.
I'm not surprised to see malware-writing contracts on these sites. A good 40% of their offerings don't look totally legal, and 95% are substantially underpaid for the work involved/ They attract mostly desperate people in poor countries, who may not be aware of the legal status of the work being offered.
Not so unusual
These sites are full of crazy 'jobs' like this. Many people ask for 'clones' of existing sites - the best of these was someone asking for someone to download "all the webpages" and store them in a database. That's right, a 'clone' of google. Probably for $100.
Obvious malware is less frequent, apart from quite a few requests for software that cracks game DRM, or for aimbot kind of things (is that the term?). The best one I have seen so far is :
"the job is theoretically simple. i want to submit an article to the software which instantly make a thousand different rewrites of that article...[SNIP]...you'll find me to be a reasonable man but please don't ask me why i want to build such a software."
Very mafia! :)