By Jo Best, 20 September 2004 12:40
NEWS The teenage virus writer arrested for writing the Sasser worm has been offered a job - at a security firm.
Sven Jaschan, an 18-year-old from Waffensen in Lower Saxony, who is also thought to be behind the Netsky virus and is currently awaiting trial for his virus-writing antics, could be about to enter gainful employment with German firewall company Securepoint: he's currently under apprenticeship with the firm.
Securepoint says it will teach the ex-malware maker to be a security programmer. The security vendor says they would like to hire the reformed script kiddy because he had knowledge in the field and deserved a chance to prove himself.
However, Jaschan's software training may need be put on hold for some months - even years. The teen is currently facing charges including data manipulation and computer sabotage, which could see him in jail for up to five years.
Jaschan is thought to be responsible for 70 per cent of all virus infections in the first half of the year and estimates of the damage caused range up to several million pounds.
Some security professionals have expressed unease about Jaschan's new job, although adding they are happy to see him rehabilitated and contributing to IT. Graham Cluley, senior technology consultant at antivirus firm Sophos, said: "The company that has hired him has an interesting challenging ahead reassuring the media and its customers that it has not set a precedent by 'rewarding' those who may have only months before been launching attacks against innocent computer systems."
Cluley also said he would prefer Jaschan to join the right side of IT as a games writer or web designer, not tinkering with security, given his history.
One software writer contacted by silicon.com said that he would "be worried for the sake of the company" if a virus writer like Jaschan were to join his team. While being a game writer might help keep ex-virus writers on the straight and narrow, "unless he was working on antivirus stuff, [his knowledge] wouldn't be that useful", he said.
While Jaschan may have decided to forget about the virus writing world, the virus writing world clearly hasn't decided to forget about him.
The latest version of MyDoom contains a picture of Jaschan. Mikko Hypponen, director of antivirus research for F-Secure, said the virus writing community could be trying to mock the teen.
"The photo could be making the point that MyDoom has won the virus war but then again, Netsky was much more widespread than MyDoom" he said.
Comments
There are 23 comments. Join the discussion
1. vincent
Instead of hiring him, let me at him for a few minutes. I have a score to settle with the likes of him. I have a computer which I have been trying to fix, due to many viruses and spyware, since June 15, to no avail. Add $1000 to the millions of damages he caused.
2. anonymous
How about hiring some proof readers and I'm not talking about the IT security sector. Various articles are starting to look like they were written by secondary school kids.
3. Lacey Haden
Why? Would you hire a serial killer to be a police detective? If other criminals were given jobs in thier chosen crime the world economy would be in total chaos more than it already is. This may be only one kid, but soon enough more will follow. What makes you so sure that he will stop his destruction just because he has a real job?
4. anonymous
As a systems engineer and network security professional who has to fight the crap written by these idiots everyday.... I say cut his hands off and ban him from using a computer for the remainder of his life.... and if he does, the death penalty should be in order.
5. anonymous
This is sending out the wrong message to would-be virus writers. He should be punished like any other criminal, not rewarded with a job over many other law abiding young people.
6. anonymous
I want my money !!
That little jerk's code cost me and my company money. Securepoint obviously value his training and as he honed his skills by destroying my network, they can give me the 10 grand that his infection cost me!
i would never entertain the idea of buying any product from Securepoint. in fact i will make a point of memorising the name Securepoint forever to make sure that i don';t buy from them.
Securepoint is in MHO the most irresponsible company involved in the security industry. I hope their network gets the same treatment that mine got and that their company goes bust as a result!
7. Peter Scargill
Clearly the answer is to completely boycott any products from this particular firm - what on EARTH are they thinking about. That guy won't have paid his debt to society until ewvery single company who's had their data messed up thanks to virii he's produced has been compensated. Until then he should be locked away without as much as a pen never mind a keyboard.
8. anonymous
In other news, shares in the German company nosedived upon shareholders receiving the news that the company had hired a criminal to aid future development of their products causing mass defections from the customerbase...
9. Joel Watson
Yes, I also noticed the appalling spelling and grammar. Interesting and informative as ever though.
10. anonymous
Sorry... No!
I am still receiving 2 NetSky infected emails a day on my home machine. I am all for rehabilitation but not for employment in security. This is highly inappropriate and I would not deal with a company who has knowingly employed in this way. Personally I would like to see malware writers locked up for a very long time. They clog up the internet, and cost us millions. They are one of the most loathed of individuals on the planet... It's just a good job their victims cannot get to them.
I can say this as a security specialist working for a large financial institution. I suspect many others will feel the same way.
11. anonymous
"Crime does pay - lots of fame and now a monthly paycheck" What a great message to be sending to disaffected teenagers around the world...
12. royston
Ever heard the term "set a thief to catch a thief" as for the police coment, since when have the police been that clever at catching these people? this kid has more chance of catching out virus writers than most of the police have. as for the other post, if you had your computer updated properly you wouldnt have this much damage.its not the damage to the pc you have to worry about its the damage to the data which is in use at the time,big companies lose money waiting for the data to be repaired not the sodding pc,s so your piddling 1000 isnt the problem, its the 1000 or so computers you affected by not keeping your pc and its data up to date, shame on you.hackers are after your data and to sell it to malware writers(spam included).they want to be at the top of the tree in their stupid little world of writers. they want to be popular in their world."ooooh i just hacked into microsoft or a huge unhackable company ,i,m famous again" so bloody what!!!what on earth is so good at that?? unless they work for governments as secret espionage agents,and its there job i cant see any other use for their unpopular exploits can you?
13. anonymous
Virus writers who come in from the cold should be let off lightly and be employed in the anti-virus industry. Those who do convert are not the ones we should be worrying about - it's those who are employed in organised crime that should scare us. Now and in the future the AV industry needs talented people to combat the threat of the e-mafia.
14. Pierre Castille
I will NEVER buy anything from this security firm. The fire brigade do not employ arsonists. The Police do not recruit criminals. Banks do not engage fraudsters so why should a security firm employ a virus writer?
The IT industry needs to send a message to all hackers, scammers and their ilk - they are not wanted in our industry, and no matter how clever they are we are not going to employ them.
It is a question of trust - and a security firm should understand this more than anyone else in our industry.
We should say no to hackers and no to any company that employs one.
15. anonymous
Once a criminal, always a criminal? All of your comments are assuming that there is no way a person can change. I smoked tons of pot when I was younger, but I don't any more. By the comments I've read, if any of the authors knew me back then probably would have written me off as a stupid burnout with no hope.
16. Know1
I love the way everyone is bitching it's his fault that you failed to secure your systems properly.
Come on children, in this day and ages we all lock our doors, due to rampant crime. This is the same.
He's still a criminal (allegedly) but you can't blame him for your lack of security.
I know many hackers now working in respectable IT jobs, does the fact they never got caught make it better or worse?
Even rapists and murders get a second chance.
17. anonymous
Yes you’re right banks don’t employ fraudsters but the fbi and check companies do. Take Frank Abagnale Jr. for example, he is the character portrayed in catch me if you can. He stole millions of dollars, and then created secure checks, which most people carry in their pockets.
18. Neil
Don't blame the writer! If the software wasn't so CRAP we wouldn't have been in that situation. Look to greedy Microsoft as the villains who use us as software testing guinea pigs!!!
19. anonymous
All those idiots replying saying "Ooo don't blame the virus writer! If your software/systems were secure/non-exploitable then it wouldn't happen" need a massive reality check.
Presumably, you therefore wouldn't mind if I exploit a weakness in your car window when I break it with a brick and steal your briefcase or stereo?
After all, it would be your fault because you hadn't secured your car properly by encasing it in concrete thus making it suitably secure.
Also, you won't mind if I take a baseball bat to your kneecaps because you're not walking around in a suit of armour as well?
20. IgnorantJoeBlow
Why not hire the kid? Look who's running the government in the US! Criminals are in professional positions everywhere these days. Let the kid collect a paycheck. In response to another reply... I don't wear body armor because I live in a "reasonably secure" region. My car is not encased in cement because it would then be difficult to drive. Using security on my computer? Well, since it is highly available and common, I use the little bit of intelligence God gave me to make sure my systems are up to date and secure. I run Linux, BSD, and Windows servers, and can honestly say not a single one has had a virus since installation. My car windows aren't broken either... oh, and my kneecaps? I may buy some shin gaurds to wear under my slacks if the news and everyone around me warns that it would be a good idea.
21. Mike Henley
He's just a kid...give him a break.
22. johnny k.
This is encouraging more programmers to write more viruses to be famous. they shouldn't get any jobs related to IT in future as a punishment and to prevent others follow their step. FREE THE INTERNET FROM VIRUSES!!
23. Biniam aka BiniDogg
I have the source code for SASSER Worm and NetSky.C@mm so i'm gonna make another varuant and Symantec will hire me!! Foreal. Get Ready.
This is because MyDoom and Bagle Worm writers made me sick by insulting Sven Jaschan(the Sasser Worm writer).