Security firm looks to hire alleged Sasser author

The teenage virus writer arrested for writing the Sasser worm has been offered a job--at a security firm.

Sven Jaschan, an 18-year-old German, who is also thought to be behind the Netsky virus and is currently awaiting trial on virus-writing charges, could be about to enter gainful employment with German firewall company Securepoint.

Securepoint says it would teach the ex-malware maker to be a security programmer. The security vendor says it would like to hire the reformed "script kiddy" because he has knowledge in the field and deserves a chance to prove himself.

However, Jaschan's software training may need to be put on hold for some months--even years. The teen is currently facing charges including data manipulation and computer sabotage, which could see him in jail for up to five years.

Jaschan is thought to be responsible for 70 percent of all virus infections in the first half of the year, and estimates of the damage caused range up to several million dollars.

Some security professionals have expressed unease about Jaschan's potential new job, although they said they'd be happy to see him rehabilitated and contributing to IT. Graham Cluley, senior technology consultant at antivirus company Sophos, said Securepoint would have "an interesting challenge ahead (in) reassuring the media and its customers that it has not set a precedent by 'rewarding' those who, only months before, may have been launching attacks against innocent computer systems."

Cluley also said he would prefer Jaschan to join the ranks of IT as a games writer or Web designer, not a security professional.

One software writer said he would "be worried for the sake of the company" if a virus writer were to join his team. Working on games might help keep ex-virus writers on the straight and narrow, but "unless he was working on antivirus stuff, (his knowledge) wouldn't be that useful," he said.

While Jaschan may have decided to forget about the virus-writing world, it clearly hasn't forgotten about him.

The latest version of MyDoom contains a picture of Jaschan. Mikko Hypponen, director of antivirus research for F-Secure, said the virus-writing community could be trying to mock the teen.

"The photo could be making the point that MyDoom has won the virus war, but then again, Netsky was much more widespread than MyDoom," he said.

[Not Bugged]

NEVER, EVER HIRE A VIRUS WRITER

How clueless do these people have to be to hire a known writer of viruses? Don't they understand their actions encourage future virus writers who'll think to themselves "Aha, ole so and so got a cushy job after he was caught so if I get caught I can count on a nice job too".

In my opinion the writer of any virus ought to be limited to "Do you want fries with that?" as the highest possible pinnacle of their post-virus writing career.

Cybersecurity firms must stop this practice

How can customers of a security firm trust a firm that persists in hiring "reformed" black hats. How can one ever know if that person isn't simply a wolf in sheep's clothing? Security firms need professional standards akin to those adopted by accountants, professional engineers, etc. Credible, enforced ethical standards are needed. A convicted black hat should never be allowed to work in a security firm. Hiring these people rewards the bad behavior. Customers need to have a high level of assurance that cybersecurity firms are hiring trust-worthy people.

Hire Him, Pay US!

Speaking as a professional IT Manager.. The virus/worm cost at the least the sleep of the IT groups worrying, and on the other end... Sleepless nights cleaning systems and Billions of dollars lost of lost revenues. What does this say for other script kiddies... Do it up really good and get a good job!!! Come on, there are a lot of really good security/programming professionals out of work right now!!! Do the right thing, and send the kid up the river and DO NOT REWARD him for Billions of less revenues!!!

[Stan Kee]

Way to go kid

He's no worse than the rest. If anything he knows the key to success: criminal acts.

Enron
Worldcom/MCI
Tyco
Halliburton
POTUS

[jirohkanzaki]

VIRUS WRITERS AREN'T THAT GOOD

what the heck? ANYBODY with some knowledge about programming and networking can write a virus. Security though is a discipline that requires a lot knowledge and experience. A security company that hires a virus writer just tells you how clueless that company is about its own industry. Maybe they're just doing it for publicity but nobody should buy products from these companies since it will just spur more virus writers who don't have lives to create more havoc.

[Cr01D]

Let him make malicious code, to make money.

Let him create the malicious code for companys such as McAfee. He makes exploits and discovers faults in Windows, they patch it before the exploit is discovered by some other yuppie. Then again, people like him create more work/money for me in the future.