Hackers Offer Subscription, Support for Malware
Stony Stevenson writes "Organised gangs are taking a page out of security vendors' books and setting up their own websites that offer support and subscriptions for malware and spyware. From the article: 'For subscriptions starting as low as $20 per month, enterprises can sell fully managed exploit engines that spyware distributors and spammers can use to infiltrate systems worldwide, said Gunter Ollmann, director of security strategies at IBM's ISS X-Force team. Many exploit providers simply wait for Microsoft's monthly patches, which they then reverse engineer to develop new exploit code against the disclosed vulnerabilities, Ollmann said. "Then all you've got to do is just subscribe to them on a monthly basis."'"
How long before we see a defection and find out that N.Korea or some other evil empire's government is sponsoring this type of activity? All that malware out there isn't just annoying you with spam, a lot of it is trying industrial espionage.
This will be the strategy that any company with a couple of lawyers of the world will pursue.
They've already legislated away some access to researching vulnerabilities with the DMCA.
Announcing security hole disclosure risks litigation in the U.S.
I'm most concerned about the American legislation that Microsoft will dream up to fight shops like this which will end up harming us all by limiting innovation.
How about a study that hasn't been thoroughly debunked? The Linux vulns count includes applications that provide functionality that Windows doesn't provide, and the Windows vulnerabilities are on average open longer and more likely to be a remote root hole.