Just came across an alarming article about how spyware / wormware writers are using professional software development methods to craft Internet worms.

Gregg Keizer reports:

A pair of research reports have explored the long-running Bagle worm and laid out a chronology that points to a professional developer who, like counterparts in the commercial software world, is constantly testing, tweaking, and improving his code for profit, not pride of ownership.
The Bagle worm debuted in mid-January 2004, and according to most anti-virus firms, has been spotted in 60 to 100 variations since then. It’s also usually credited with starting the malware-for-profit movement among hackers, who prior to the ground-breaking worm, typically were motivated by notoriety.

Jason Gordon, an analyst with security research firm infectionvectors.com by night, a security consultant to Department of Defense clients by day, spent the last year watching each edition of Bagel, and recently completed the final third of a three-part report.

“In the year since its release,” he wrote in that report, “Bagle has had a major impact on the Internet” primarily because it was, and remains, “a leader in the nefarious Web economy of spamming, phishing, and stealing passwords.”

Read more here