seeing as how i was once contacted by a representative of an AV company looking for assistance getting a particularly vocal virus writer put behind bars, i can assure you they don't reward malware coders - at least not the way you're thinking. that being said, mcafee's partnership with hbgary (in light of the revelation that hbgary wrote and sold malware to the government for large sums of money) could arguably be called a kind of reward for malware coders. i rather doubt the partnership was actually given to them in return for writing malware code, however. frankly, the broader security community is more likely to reward people for writing some novel bit of malware. the reward in that case, however, is usually respect, social status, fame, etc. they like to call those people researchers.