Recognition for malware authors

We had an interesting dilemma over the weekend. We received a sample of a worm targeting ‘StarOffice’. It’s not been seen in the wild, or likely to affect customers, but it is “˜interesting’ in the fact that it targets an application not widely targeted and is written in cross platform scripting languages. It also includes a rather lewd picture.


The dilemma faced was that the sample appears to have been sent in by the author(s). So the only reason for writing it would be to get some sort of notoriety. This harks back to the old days of malware when it was written to show off computer prowess. The focus has changed over the years and is now about making money.

The fact is, whatever the motivation, writing malware is not “˜clever’, on the whole it’s not even particularly difficult. Although this particular author seems to have trouble because the sample we received didn’t work.

It takes a lot more skill to identify and remove malware, but in this case, even that wasn’t difficult. So my message to the author is, don’t bother, get a real job, but don’t bother applying to join SophosLabs. In fact judging by the poor quality of what was submitted, I would recommend a completely different career.

Update 4th June – If anyone other than malware authors want to join SophosLabs, we’re recruiting