Windows zero-day exploit for sale

Hacker wants US$50,000 for malware

An online criminal has offered to sell software that exploits an unpatched bug in Microsoft's Windows Vista operating system, according to security vendor Trend Micro.

The code was offered for sale in an underground hacker discussion forum last month, said Raimund Genes, Trend Micro's chief technology officer. The asking price? US$50,000.

Genes didn't know if the code actually worked as advertised, or whether it was even purchased, but he said that it would have been difficult for the seller to have been involved with this particular forum without providing at least one reliable sample. "I think that definitely he had something," Genes said. "The question is whether somebody paid for this."

If the offer is legitimate it would be the first serious bug reported in Vista since it was released to business customers at the end of November. The consumer version of Vista is set to ship next month.

Microsoft is investigating Trend's claims but has "not been contacted directly by any parties about this vulnerability report, nor are we directly involved in the forums in which vulnerabilities are reportedly traded," the company said in a statement.

If someone did pay for the code -- called a "zero-day" exploit -- it was purchased at a premium price. According to Genes, a similar exploit for Internet Explorer would command about US$5,000. "This was way more," he said. "Maybe the person said, 'This is the first working exploit on Vista, so I can charge a premium.'"

Because Vista is not as widely adopted as Microsoft's XP or Windows Server 2003 operating systems, criminals would have fewer potential victims to attack with the code.

"To be honest [the price for a Vista zero day] should probably be lower," said Joe Telafici, vice president of Avert operations with McAfee Inc. "There's nobody to infect with it."

There have been far fewer vulnerability disclosures in the weeks up to Vista's commercial release than there were when XP was introduced, Telafici said. That's partially due to the expansion of the underground marketplace for software bugs, he said. While most hackers were motivated by fame and glory just a few years ago, the growth of cybercrime has introduced a new breed of more stealthy professionals, security experts say.

Criminals who plan to use Vista vulnerabilities "are going to be holding them close to their chest until they are ready to release them," Telafici said. "I wouldn't be amazed if we saw vulnerabilities popping up over the next year that were found now."

Robert McMillan

IDG News Service