Vista Zero-Day Exploit On Sales Now!

Windows Security : Vista Zero-Day Exploit On Sales Now!

Posted by Max on 2006/12/18 14:59:08 (1866 reads)

Underground hackers are selling zero-day exploits for Microsoft's new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.

The Windows Vista exploit—which has not been separately verified—was just one of many zero-days available for sale at an auction-style market broken into by the Tokyo-based anti-virus vendor.

In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, declared prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the consistency of the attack code.

Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.

The Trend Micro finding highlights the true monetary value of software vulnerability information and serves as additional confirmation that a profitable underground market exists for exploit code targeting unpatched flaws.

Back in December 2005, researchers at Kaspersky Lab in Moscow found proof that the exploit code used in the WMF (Windows Metafile) attack was being advertised by Russian hacker groups for $4,000.

On the other hand, according to Genes, the typical worth of a destructive exploit has increased radically, driving an underground market that could exceed the value of the legal security software business.

"I think the malware industry is making more money than the anti-malware industry," Genes said.

Trend Micro's researchers also found the underground marketplace flooded with personal data stolen in phishing attacks and virtual money hijacked from online gamers.

Genes said the average prices for credit card and bank log-in data can vary dramatically, depending on the bank's brand and the way the data is mapped to names, Social Security numbers, dates of birth and physical addresses.

A custom Trojan capable of stealing online account information can be purchased for between $1,000 and $5,000, while a botnet-building piece of malware can cost between $5,000 and $20,000, Genes said.

Credit card numbers with valid PINs are sold for $500 each, while billing data that includes an account number, physical address, Social Security number, home address and birth date can be found for between $80 and $300.

The auction marketplace is also advertising driver's licenses for $150, birth certificates for $150, Social Security cards for $100, and credit card numbers with security code and expiration date for between $7 and $25.

PayPal or eBay account credentials are available for $7, Genes said.

Previous article - Next article

Other articles
2010/3/18 8:07:31 - Panda Cloud Antivirus Receives ICSA Labs' First Cloud-Based Certification
2010/3/17 15:49:34 - Open-Source Email Security Taken To The Next Level at WebhostingDay
2010/3/17 15:18:40 - McAfee Warns ABout Scareware or Fake Antivirus Software
2010/3/2 5:22:13 - VeriSign and AVG Will Integrate VeriSign Trust(TM) Seal Within AVG LinkScanner(R)
2010/3/1 7:36:12 - New Stealth Software Protects P2P Users From Lawsuits by Copyright Holders
2010/2/24 13:55:16 - New State of The Art Firewall By Palo Alto Networks
2010/2/24 13:50:26 - Beware of Fake Antimalware Programs Like PCsProtector
2010/2/24 13:38:02 - New Registry Cleaner Guide Helps Your PC Perform Faster
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications

The comments are owned by the poster. We aren't responsible for their content.