funsec mailing list archives
Researcher: WMF Exploit Sold Underground for $4,000
From: "Richard M. Smith" <rms () bsf-llc com>
Date: Thu, 2 Feb 2006 17:04:55 -0500
http://www.eweek.com/article2/0,1895,1918198,00.asp

Virus hunters combing through the wreckage of the zero-day WMF (Windows Metafile <http://www.eweek.com/article2/0,1895,1906177,00.asp>) attacks have found evidence that exploit code was being peddled by Russian hacker groups for $4,000 a pop.

The first sign of an exploit was traced back to the middle of December 2005, a full two weeks before anti-virus vendors started noticing mysterious WMF files rigged with malicious executable code, says Alexander Gostev, a senior virus analyst at Kaspersky Lab.

"One very important aspect of this case is that the vulnerability was first identified by members of the computer underground," Gostev said.

"Around the middle of December, this exploit could be bought from a number of specialized sites. [Two or three] hacker groups from Russia were selling this exploit for $4,000," he added, confirming a widely held suspicion that a lucrative market exists for code that can exploit unpatched Windows vulnerabilities.

According to Gostev, the rival hacker gangs did not seem to fully understand the exact nature of the vulnerability. It wasn't until a cyber-criminal purchased the code and found a way to incorporate it into adware, spyware and Trojan attacks that the severity of the vulnerability became public.

In a research note that discusses the evolution of malware over the last three months, Gostev said it was most likely that the vulnerability was detected by an unnamed person around Dec. 1, 2005.

...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.