Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security Operating Systems Software Windows IT

Vista Zero-Day Exploit For Sale 233

Posted by kdawson from the crack-bazaar dept.
Snakepit Bit writes "Underground hackers are hawking a zero-day exploit for Windows Vista at $50,000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit, which has not been independently verified, was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the anti-virus vendor. Prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range. Bots and Trojan downloaders that typically hijack Windows machines for use in botnets were being sold for about $5,000." From the article: "According to [Trend Micro CTO Raimund] Genes, the typical price of a destructive exploit has increased dramatically, driving an underground market that could exceed the value of the legitimate security software business. 'I think the malware industry is making more money than the anti-malware industry,' Genes said."
This discussion has been archived. No new comments can be posted.

Vista Zero-Day Exploit For Sale More

Vista Zero-Day Exploit For Sale

Comments Filter:

  • Re:Please define "zero-day" (Score:4, Informative)

    by Omnifarious ( 11933 ) * <eric-slash@omnif ... g minus language> on Saturday December 16, 2006 @05:17PM (#17271396) Homepage Journal

    No, it's an exploit released before there's a patch that fixes the hole the exploit exploits.

    zero-day warez are cracked (i.e. DRM removed) versions of programs available on the same day or before the commercial versions are released.

  • Re:Please define "zero-day" (Score:1, Informative)

    by bigtomrodney ( 993427 ) * on Saturday December 16, 2006 @05:18PM (#17271414)
    No a Zero-Day exploit is one which is capable of exploiting on or before the vulnerability is discovered/made public. So the author was possibly the only one with knowledge of the vulnerability. Wiki Article [wikipedia.org] Of course the usual amount of misunderstanding of the terminology has diluted the meaning somewhat.

  • Re:Auctions (Score:1, Informative)

    by Anonymous Coward on Saturday December 16, 2006 @05:33PM (#17271526)
    search http://astalavista.box.sk/ [astalavista.box.sk]

  • Well, Duh! (Score:3, Informative)

    by jc42 ( 318812 ) on Saturday December 16, 2006 @05:34PM (#17271532) Homepage Journal
    'I think the malware industry is making more money than the anti-malware industry,' Genes said.

    Malware is a profit-making industry. Anti-malware is aimed at eliminating profits, not making them. It doesn't take an economic genius to understand the implications.

    How many times have /. readers been reminded that companies exist to generate profit for their owners?

  • Re:Please define "zero-day" (Score:5, Informative)

    by Anonymous Coward on Saturday December 16, 2006 @07:05PM (#17272114)
    The media idiots and security vendors bastardized this term. 0-day originally meant an vulnerability unknown to the vendor hence there is no patch or work-around for it.

    Then security vendors tried to use it to mean any vulnerability without a patch, known or unknown because then they could rightly claim that their software mitigated a 0-day vulnerability, which really meant thier software could mitigate a known vulnerability. That's where the media idiots jumped in because 0-day sound cool and scary.

    There is no point in trying to correct them. That ship has sailed. Just like "hacker" now means criminal when the original definition was a badge of honor.

    Now that the vulnerability is known, it is just an unpatched vulnerability.

  • WinXP Security Configuration Guide (Score:3, Informative)

    by flyingfsck ( 986395 ) on Saturday December 16, 2006 @11:23PM (#17273928)
    Windows XP Professional Common Criteria Configuration Guide:
    http://download.microsoft.com/download/5/3/b/53b53 a3e-39d5-4d30-86f2-146aa2c7be45/wxp_common_criteri a_configuration_guide.zip [microsoft.com]

    If you have the patience to follow that guide, then your WinXP will be locked down and secure.

  • Re:Ah... (Score:3, Informative)

    by budgenator ( 254554 ) on Sunday December 17, 2006 @11:06PM (#17282306) Journal
    since comcast provides McAfee free of additional charges, I decided to load it up on the Wife's WinXP SP2 machine, and I found it actually painful to run on a machine with rudimentary security measures like limited user privileges; then after I thought about it, the only malware ever found in the machine was in the step son's temp internet files. If the malware is effectively contained in an temp file area and never get a chance to get installed, then things must be locked down, so I yanked McAafee and just run clamWin,adaware and spybot every so often.

    I don't think malware is a myth, but I do think that running limited privileges, a dedicated router, and Mozilla does a lot but so does not installing shareware on windows machines and staying out of porn, , gambling and other less reputable sites help a lot. Most reasonably intelligent people know when they're getting into the "bad neighborhoods" on the net, and if they don't shut-down the brain when they turn on the computer they do OK.

Slashdot Top Deals

"When the going gets tough, the tough get empirical." -- Jon Carroll

Close