Chinese virus writer seeks gainful work

28-year-old Li hit the headlines in 2007 because his Fujacks malware code converted the Windows icons of infected programs into a picture of a panda burning joss-sticks.

Whilst this apparently benign hack was going on, however, the worm lifted games user names and passwords from any PC it could infect.

The Chinese newswires report that Li's good behaviour meant he did not have to serve his full sentence of four years, allowing him to leave prison and head for Beijing.

According to Cluley, whilst it remains to be seen if Li is successful in his job search, he said he has "to admit that it would leave an ugly taste in my mouth if a legitimate anti-virus company were to hire the author of a worm, especially when it hit so many computers."

"The computer security industry has a hard enough time convincing the public that we're not the ones writing the malware, without convicted cybercriminals being hired to work alongside us," Cluley said in his blog.

"The skills required to write a decent anti-virus program are very different from those necessary to write malware, and it's a mistake to think that virus writers have demonstrated any skills that would be useful to a computer security lab," he added.

Cluley went on to say that it can be argued that all a hacker like Li has shown is that he has ethically immature.

"He's done his time in a Chinese jail and I wish him well for the future, but a malicious hacker like this needs to understand clearly that they have blown their chances of working in the computer security industry."

"Of course, not everyone feels the same as me. Even in the last year we've seen a number of cases - `Ikee worm author gets job at iPhone app firm'; `Firm hires Twitter worm author Mikeyy Mooney"'; `Mahalo hires botnet master' - where worm authors have been hired by firms, seemingly based more upon their notoriety and PR appeal than because they showed themselves to be more skilled that computer programmers who chose not to write malware."

Cluley asks whether this sends out the right message: "I don't think so. After all, do we really want malicious hackers to think that malware might be a shortcut to a new job?"


What’s Hot on Infosecurity Magazine?