WMF Exploit Sold Underground for $4,000

tero1176 writes "Eweek has a story with information from Kaspersky showing that exploit code used in the WMF malware attack was being peddled on underground sites by rival Russian hacker groups for $4,000 in early December. The first sign of an exploit was traced back to the December 1, 2005, a full month before anti-virus vendors started noticing mysterious WMF files rigged with malicious executable code. It serves as more proof that the market for malware is well and truly alive."

Maybe they should get involved...

[ackthpt]

It serves as more proof that the market for malware is well and truly alive."

Do you suppose Microsoft will try to enter this market, too?

What, you expected...

[Orrin Bloquy]

...open source exploits for a commercial OS?

Joke, don't waste your mod points here.

Access to this market

[davidgrouchy]

Will my AT&T "platinum," "gold" and "silver" levels of Internet access provide access to this underground market ?

Russians eh?

[Dragon of the Pants]

In Soviet Russia, code exploits you!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:And who is surprised

[grasshoppa]

Organized crime has found the internet, and they seem to like what they see. It's just like one huge, dark alley lined with endless smoke-filled lounges. Lots of seamy places to meet up. Anonimity if you want it. Under-the-table dealings. Faceless bosses and eager young turks with itchy trigger fingers.

The perfect growth media for scum and parasites.

You misspelled AT&T a few times in there.

DRM needed

[Anonymous Coward]

Ironically, copies of the exploit were pirated by a group of Chinese hackers and sold on Ebay for pennies on the dollar...

Re:And who is surprised

[Amouth]

oh be fair and leave the white house out of this.. you know W can't read

Re:Access to this market

[TubeSteak]

Sorry, but no.

Just wait till you get your next AOL Platinum trial CD in the mail. Then you'll be good.

Hmm..

[punkr0x]

So is windows exploits are worth $4,000 a pop, and Bill Gates is worth something like $50 billion, that adds up to... 12.5 million windows exploits. That number seems a little low, must be not all of them are worth 4 grand.

More expensive with Vista

[jbeaupre]

It will cost an extra $500 to get set up to sign your malware in order for it to install. Good thinking Microsoft. That extra 12.5% tax will make it totally uneconomical.

in soviet swedenuckistan...

[Anonymous Coward]

....dead parrot bakes pie and throws it at YOU!

Re:Windows Only?

[AndroidCat]

I remember a mud client, early version of Tintin, IIRC, which would make all players shout "Snowy rules, OK" if a client saw some particular text.

Not unlike Slashdot where certain text will cause all readers to post "All your base", "Soviet Russia", "..only old people", "3. Profit!" comments.

unknown name?

[AyeRoxor!]

"[...] the vulnerability was detected by an unnamed person around Dec. 1, 2005."

Ok, what are the chances that this person really has no name?!

I'm going to have to call shenanigans on this whole article.

Re:Russians eh?

[MadUndergrad]

Also the fact that things like the Spanish Inquisition are used so infrequently these days that when one actually is used it's that much more effective. Last time I said "supposing two carried it together" it got quite a few laughs.

Re:Maybe they should get involved...

[geekoid]

Yes. you are the only one here that thinks the problem would through us back to the stone ages.

You are hear by forbidden from ever using statistics or percentages again.

Great seller!

[saboola]

Exploit works as advertised!!! Speedy email!! Would Buy From AGAIN!! A+++++++++++! :)

Re:Maybe they should get involved...

[ozmanjusri]

You are hear by forbidden from ever using statistics or percentages again.

You are the only one here who thinks hereby is spelled "hear by" or throw is spelled "through". *

You are hereby forbidden to use the English language in a pedantic and patronising manner ever again.

* Probably not true