IT security, vunerabilities, bugs, fixes, flaws, RSA conference and Infosec.

Rewarding times

As the conviction of the author of Sasser B showed, it is possible to catch at least some virus writers.

But bounties like this are going to become increasingly ineffective because of the changing nature of the threat. We're dealing with hardened criminals now, not frightened teenagers.

Police love people like Sven Jaschan because they're easy to catch, mostly. They either leave clues in the code or they brag about it to their few and far between friends.

After all, what's the point of getting a really big virus infection if no-one knows it was you who did it? Once caught they usually spill their guts in seconds and are happy to show how they did it.

But when a bunch of identity thieves commissions a virus they aren't going to leave clues, or brag about it. And they're not looking for reward money, they're looking for your money.

July 19, 2005 in IT Security | Permalink | Comments (0) | TrackBack