funsec mailing list archives

Researcher: WMF Exploit Sold Underground for $4,000


From: "Richard M. Smith" <rms () bsf-llc com>
Date: Thu, 2 Feb 2006 17:04:55 -0500

 
http://www.eweek.com/article2/0,1895,1918198,00.asp

Virus hunters combing through the wreckage of the zero-day WMF (Windows
Metafile) <http://www.eweek.com/article2/0,1895,1906177,00.asp> attacks have
found evidence that exploit code was being peddled by Russian hacker groups
for $4,000 a pop.

The first sign of an exploit was traced back to the middle of December 2005,
a full two weeks before anti-virus vendors started noticing mysterious WMF
files rigged with malicious executable code, says Alexander Gostev, a senior
virus analyst at Kaspersky Lab.

"One very important aspect of this case is that the vulnerability was first
identified by members of the computer underground," Gostev said. 


"Around the middle of December, this exploit could be bought from a number
of specialized sites. [Two or three] hacker groups from Russia were selling
this exploit for $4,000," he added, confirming a widely held suspicion that
a lucrative market exists for code that can exploit unpatched Windows
vulnerabilities.

According to Gostev, the rival hacker gangs did not seem to fully understand
the exact nature of the vulnerability. 


It wasn't until a cyber-criminal purchased the code and found a way to
incorporate it into adware, spyware and Trojan attacks that the severity of
the vulnerability became public. 


In a research note that discusses the evolution of malware over the last
three months, Gostev said it was most likely that the vulnerability was
detected by an unnamed person around Dec. 1, 2005. 


... 


 
