InsideMicrosoft

part of the Blog News Channel

Windows Vulnerability Was For Sale

How much is a Windows vulnerability worth to you? According to Mary Jo Foley, some Russian hacker groups were selling the Windows Metafile vulnerability, shopping it around in December for about $4,000. As eWeek explains, this was two weeks before security experts were aware of it, and well before a patch was shipped.

He said the hacker groups clearly didn’t understand exactly how the vulnerability functions and was more intent on selling it to cyber-criminals in Russia for quick profit.

“[R]esearch bodies did not have information about the fact that the exploit was being sold, due to the fact that it was created for the Russian market,” he added.

Jim Melnick, director of threat operations at Reston, Va.-based vulnerability research firm iDefense, said his team’s research confirms some of Gostev’s findings.

“We did see some early activity coming out of the Russian sites. There was a pump-and-dump stock scheme going on at the time and a Russian hacker who we think has some connection to this mentioned that the WMF flaw was already being exploited quietly,” Melnick said in an interview with eWEEK.

February 3rd, 2006 Posted by | General, Security | no comments



Hosting sponsored by GoDaddy

No Comments »

No comments yet.

Leave a comment