Vista Zero-Day Exploit For Sale 233
Snakepit Bit writes "Underground hackers are hawking a zero-day exploit for Windows Vista at $50,000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit, which has not been independently verified, was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the anti-virus vendor. Prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range. Bots and Trojan downloaders that typically hijack Windows machines for use in botnets were being sold for about $5,000." From the article: "According to [Trend Micro CTO Raimund] Genes, the typical price of a destructive exploit has increased dramatically, driving an underground market that could exceed the value of the legitimate security software business. 'I think the malware industry is making more money than the anti-malware industry,' Genes said."
Re:Please define "zero-day" (Score:4, Informative)
No, it's an exploit released before there's a patch that fixes the hole the exploit exploits.
zero-day warez are cracked (i.e. DRM removed) versions of programs available on the same day or before the commercial versions are released.
Re:Please define "zero-day" (Score:1, Informative)
Re:Auctions (Score:1, Informative)
Well, Duh! (Score:3, Informative)
Malware is a profit-making industry. Anti-malware is aimed at eliminating profits, not making them. It doesn't take an economic genius to understand the implications.
How many times have
Re:Please define "zero-day" (Score:5, Informative)
Then security vendors tried to use it to mean any vulnerability without a patch, known or unknown because then they could rightly claim that their software mitigated a 0-day vulnerability, which really meant thier software could mitigate a known vulnerability. That's where the media idiots jumped in because 0-day sound cool and scary.
There is no point in trying to correct them. That ship has sailed. Just like "hacker" now means criminal when the original definition was a badge of honor.
Now that the vulnerability is known, it is just an unpatched vulnerability.
WinXP Security Configuration Guide (Score:3, Informative)
http://download.microsoft.com/download/5/3/b/53b5
If you have the patience to follow that guide, then your WinXP will be locked down and secure.
Re:Ah... (Score:3, Informative)
I don't think malware is a myth, but I do think that running limited privileges, a dedicated router, and Mozilla does a lot but so does not installing shareware on windows machines and staying out of porn, , gambling and other less reputable sites help a lot. Most reasonably intelligent people know when they're getting into the "bad neighborhoods" on the net, and if they don't shut-down the brain when they turn on the computer they do OK.