WMF Exploit Sold Underground for $4,000

tero1176 writes "Eweek has a story with information from Kaspersky showing that exploit code used in the WMF malware attack was being peddled on underground sites by rival Russian hacker groups for $4,000 in early December. The first sign of an exploit was traced back to the December 1, 2005, a full month before anti-virus vendors started noticing mysterious WMF files rigged with malicious executable code. It serves as more proof that the market for malware is well and truly alive."

Re:Bad Deal

[hal9000(jr)]

The exploit is a flop. The guy should get his money back.

Huh? It worked just dandy on all the machines I tested on. Well, at least the Metasploit WMF exploit [metasploit.com] mods did.

It's not the sellers fault those pesky white hat hackers discovered it so soon. :) Buyer beware!

Re:Actually...

[tajmorton]

Wikipedia article [wikipedia.org]

Re:Actually...

[storem]

Technical Explanation (Wikipedia says this doesn't exist anymore :) )

http://web.archive.org/web/20000302035403/http://w ww.cryptonym.com/hottopics/msft-nsa/msft-nsa.html [archive.org]

I tried it myself...

[Babayasin]

...from the Metasploit framework. That exploint was a champ. 99.9% guaranteed remote trojan installation. In fact, it was enough just to HOVER OVER the file in a directory so that Explorer would try to get its properties - and ooops.