Freelancer.com posts: jobs for botnets, fake IDs

Freelancer.com is being used to recruit malware writers and for identity fraud, recent posts to the global crowdsourcing website have revealed.

Crowdsourcing was the act of commissioning groups of people over the internet to perform tasks, usually much cheaper than employees. The alarm was raised by F-Secure anti-malware researcher Mikko Hypponen, in a tweet earlier today.

Freelancer.com deleted the posts and closed the user's account after it was contacted by SC Magazine.

A user identified as Novak1 has received four bids from malware writers and 19 bids from those able to supply a Photoshop template of a British driver's licence.

"I need a replica UK Driving Licence. I need this in a template format, so I can easily change the picture and other information on the licence," Novak1 posted to the Sydney-based outsourced contract providers website at the weekend.

"I need it to come complete with the correct fonts, etc. I belive [sic] this can be done in a Photoshop PSD Template with Layers. I also need a version for the back so that this information can be changed too."

While demanding the "highest quality work", Novak 1 posted "the price is negotiable" owing to the urgency of the job.

"We want a quick turnaround, no longer than a week, maximum. It must match the current UK Driving Licence."

Later, he posted, "Also i am Interested in many other EU ID templates".

Freelancer.com page showing request for malware writer.

A week earlier, the same user posted a job for the writer of botnet software that allowed a malicious hacker to hijack unwitting users' PCs ("zombies") to direct them to complete a task usually without the users' permission.

Botnet deployments have recently figured prominently in attempts by Wikileaks supporters to bring down infrastructure of those they accuse of denying service to the whistleblowers' website and leading to the apprehension and bailing last night of its founder, Julian Assange, in Britain to face questions over alleged sex misdemenours.

"Im [sic] looking for someone who has done similar jobs like this before and who know [sic] about trojans such as zeus [sic] and spyeye [sic]," wrote the user who identified himself as from Coventry.

Novak1 said the malware "must include a SOCK5 backconnect module" and a dashboard to view the data "also injects must be made for the sites that I give".

The average bid for the driving licence was about $300 while $900 was the indicative price for a botnet, the posting on Freelancer.com read.

Many of those responding for the jobs came from India and Pakistan although a US poster claiming to have the print contract for a California bus line also responded to the request.

Hypponen said Freelancer.com should search for keywords such as 'botnet' in posts and review them to block such ads.

"Obviously ads like these hurts the site itself," Hypponen said.

At a crowdsourcing conference last month, Freelancer.com chief executive officer Matt Barrie, pictured, said the costs for labour were falling to cents in the dollar spurred by cheap information workers in emerging economies.

A spokesman for Freelancer.com said the action was taken "as obviously they are against our [terms and conditions]".

"Unfortunately, just like the real world, there's always a few bad seeds that try to post dodgy projects," a Freelancer.com spokesman said.

"Our users are pretty vigilant at reporting these through the report violation links on the site. When they are brought to our attention, our support team takes these down immediately."