Dirty IT job No. 5: Fearless malware hunter
Wanted: Go-getter with inquisitive nature and a high tolerance for gore, sleaze, and the baser instincts of humanity.
Hunting malware means crawling the deepest, darkest, nastiest corners of the Web, because that's where the bad stuff usually congregates -- such as drive-by installs on porn and warez sites, says Patrick Morganelli, senior vice president of technology for anti-malware vendor Enigma Software.
"Due to the nature of the sites we need to monitor, one of our first questions in any job interview here is, 'Would you mind viewing the most offensive pornography you've ever seen in your life?' Because that's what a lot of malware research entails."
[ Hackers aren't always so hard to track down. See "Stupid hacker tricks, part two: The folly of youth." ]
Even employees not actively involved in malware research can encounter deep nastiness, he says. One time an employee merely passed by a support technician's display while the tech was remotely logged in to a customer's PC. What the employee saw on the tech's screen was so disturbing that he quit shortly thereafter.
"It can definitely wear on people," Morganelli says. "The amount of filth you need to go through on a daily basis just to do your job can be pretty trying, and much of it is extremely disturbing -- bestiality and worse. But there's no way to fight this stuff unless you go out and actively collect it."
Andrew Brandt, a malware researcher and blogger for security software vendor Webroot (and InfoWorld chronicler of IT admin gaffes, stupid hacker tricks, and colossal QA oversights), says he was warned before he took the job that he'd see porn that would turn his stomach. But he says he sees less malware distributed via porn sites and more via fake BitTorrents and game cheats sites.
"I would describe my job as rubbing a white glove on the filthy underbelly of the Net and seeing what comes off," says Brandt. "Every day I work with malware that does everything you don't want it to do -- like steal your bank account information, break your computer, or barrage you with ads -- and I do it 20, 30, 40 times a day.
"The dirtiest thing about my job is not that the malware is incredibly difficult to research or fix; it's that once the bad guys latch onto some trick they use it over and over and over. I start to crave the little differences that crop up. Still, every day I learn something new -- even if it's just 'oh my god, this is the hundredth time I've seen the exact same exploit'."