Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

WMF Exploit Sold Underground for $4,000

CmdrTaco posted more than 7 years ago | from the now-that's-just-scary dept.

Security 166

tero1176 writes "Eweek has a story with information from Kaspersky showing that exploit code used in the WMF malware attack was being peddled on underground sites by rival Russian hacker groups for $4,000 in early December. The first sign of an exploit was traced back to the December 1, 2005, a full month before anti-virus vendors started noticing mysterious WMF files rigged with malicious executable code. It serves as more proof that the market for malware is well and truly alive."

cancel ×

166 comments

Sorry! There are no comments related to the filter you selected.

Bad Deal (3, Interesting)

lseltzer (311306) | more than 7 years ago | (#14630028)

The exploit is a flop. The guy should get his money back.

Re:Bad Deal (-1, Offtopic)

lseltzer (311306) | more than 7 years ago | (#14630046)

Oooh! My first first post!

Re:Bad Deal (0, Offtopic)

ackthpt (218170) | more than 7 years ago | (#14630079)

Oooh! My first first post!

I don't think that anyone cares about this. They're all reading about [di2.nu] this [wikipedia.org] story [bbc.co.uk] .

Congratulations. You are a winner! (0)

Anonymous Coward | more than 7 years ago | (#14630237)

Oooh! My first first post!

And you get your first first offtopic post too... for free!

Re:Bad Deal (2, Informative)

hal9000(jr) (316943) | more than 7 years ago | (#14630089)

The exploit is a flop. The guy should get his money back.

Huh? It worked just dandy on all the machines I tested on. Well, at least the Metasploit WMF exploit [metasploit.com] mods did.

It's not the sellers fault those pesky white hat hackers discovered it so soon. :) Buyer beware!

Re:Bad Deal (2, Insightful)

lseltzer (311306) | more than 7 years ago | (#14630184)

It worked, but it was supposed to be the tool of a major outbreak that never materialized, and is now unlikely to.

Re:Bad Deal (2, Insightful)

grcumb (781340) | more than 7 years ago | (#14630474)

"It worked, but it was supposed to be the tool of a major outbreak that never materialized, and is now unlikely to."

True, but it never happened in the same way the Y2K crisis 'didn't happen'. It was prevented by the concerted action of a very large number of people who re-emptively developed and deployed a patch to fill the gap until the vendor-provided one happened along. If it hadn't been for the public dissemination of the risk assessment and analytical data, this could have been a big problem.

That said, the damage was also mitigated by the fact that the black hats using the exploit decided not to package it in a highly virulent form. Nonetheless, the potential for widespread damage was very real - and remains a danger to those few who have yet to patch their systems.

Re:Bad Deal (0, Troll)

dekemoose (699264) | more than 7 years ago | (#14631027)

Either that, or like the Y2K crisis it was never that big of a deal to begin with.

Malware Headquarters: +1, Informative (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#14630330)


is located at Al-Qaeda Headquarters [whitehouse.org] .

The world is much simpler than most people think.

Sincerely,
Kilgore Trout, C.E.O.

Re:Bad Deal (3, Insightful)

DrSkwid (118965) | more than 7 years ago | (#14630495)

If you buy an exploit for $4000, chances are you already have a target.

And, you've probably bought one before and made more than the $4000 you are about to spend.

Perhaps they got the trade secrets / passwords they were after in a few hours, not the month it took to become Zero Day, lol, now there's a misnomer !

Maybe they should get involved... (5, Funny)

ackthpt (218170) | more than 7 years ago | (#14630042)

It serves as more proof that the market for malware is well and truly alive."

Do you suppose Microsoft will try to enter this market, too?

Re:Maybe they should get involved... (1)

ZeroExistenZ (721849) | more than 7 years ago | (#14630131)

Only after google went there and Microsoft has to "keep up" again.

Re:Maybe they should get involved... (1)

ackthpt (218170) | more than 7 years ago | (#14630177)

Only after google went there and Microsoft has to "keep up" again.

We'll [wikimedia.org] call it the Ecch-Box

Re:Maybe they should get involved... (0)

hal9000(jr) (316943) | more than 7 years ago | (#14630132)

Do you suppose Microsoft will try to enter this market, too?

<obligatory microsoft bash>They established that market with the introduction of Windows 1.0</obligatory microsoft bash>

Re:Maybe they should get involved... (0)

Anonymous Coward | more than 7 years ago | (#14630384)

Do you suppose Microsoft will try to enter this market, too?

They already have! Look at the Carma Sutra worm. Tomorrow it goes crazy, and you can't get the patch/update unless you are paid up on your security/extortion money already. If that does not work they may try your knee caps next.

Re:Maybe they should get involved... (1)

dekemoose (699264) | more than 7 years ago | (#14631079)

It's not a patch, there is no patch. You can, however, get the update for Microsofts security tools which will remove it. Or, you can run one of the removal tools from the anti-virus vendors.

ftp://ftp.f-secure.com/anti-virus/tools/f-force.zi p [f-secure.com]

Re:Maybe they should get involved... (2, Interesting)

pHatidic (163975) | more than 7 years ago | (#14630385)

Am I the only one who thinks it's scary that a zero day exploit with the potential to take society back to the stone age sold for less than the cost of a nice flat panel TV? Assuming the laws of supply and demand hold on the black market, it means that opportunities to destroy 90% of the word's IT infrastructure are common as dirt.

Re:Maybe they should get involved... (1)

hunterx11 (778171) | more than 7 years ago | (#14630433)

Yeah, it was really tough back in the 40's. I don't know how my grandparents survived using stone tools. But there are greater concerns than that. Have you ever seen the movie WarGames [imdb.com] ? Apparently we have to worry about computer hackers launching nuclear missiles too.

Re:Maybe they should get involved... (0)

Anonymous Coward | more than 8 years ago | (#14631369)

I just use Linux, I don't have those Windows problems.

Re:Maybe they should get involved... (2, Interesting)

Anonymous Coward | more than 7 years ago | (#14630446)

I think that these stories just show how out of touch these security 'experts' are. We have exploits for sale online that end up in the wild. How long does it take the security/antivirus companies to start taking notice?

Remember the Sony Rootkit fiasco? How many thousands of computers did that compromise and for how many months before they found out about it? And then how many of the AV vendors jumped at the chance to list an item from a major record label as 'malware'?

Then consider how slow the AV companies were to detect spyware. "Oh, it's installed at the user's choice, we shouldn't be detecting or removing it." Yeah, thanks a lot you braindead idiots, it's not like the same spyware might use security exploits as an install vector, same as certain worms and viruses.

Can you tell that I have a small amount of contempt for these 'experts'? They've even managed to convince the users that their products are a neccessity, instead of a too-little-too-late bandaid measure.

Re:Maybe they should get involved... (1)

jzeejunk (878194) | more than 7 years ago | (#14630449)

no i think Google is more likely to enter this marke too

Re:Maybe they should get involved... (0)

Anonymous Coward | more than 7 years ago | (#14630801)

Even if they don't, Google will.

Re:Maybe they should get involved... (1)

geobeck (924637) | more than 7 years ago | (#14630809)

Do you suppose Microsoft will try to enter this market, too?

Enter it? They created it!

Actually... (2, Interesting)

_KiTA_ (241027) | more than 7 years ago | (#14630838)

Pardon me if I am remembering things wrong, but wasn't there a hidden "_NSAKEY" variable or something like that hidden in some WinNTs, that Microsoft never could explain?

Re:Actually... (4, Informative)

tajmorton (806296) | more than 7 years ago | (#14630983)

Wikipedia article [wikipedia.org]

Re:Maybe they should get involved... (1)

Pollardito (781263) | more than 7 years ago | (#14630911)

i heard that they may start a licensing program for exploits. not to make money or anything, they just want to lock out hobbyists they don't have time for

Maybe they should lay off security researchers... (0)

Anonymous Coward | more than 8 years ago | (#14631230)

Wasn't Microsoft pissed about the WMF vulnerability being disclosed to the public before a patch was available? They certainly have whined about other announcements. Well, this completely justifies independent announcement of vulnerabilities. The bad guys already know about them, and are using them. Reporting to the vendor won't help nearly as much as publishing a third party fixes.

Re:Maybe they should get involved... (1)

baKanale (830108) | more than 8 years ago | (#14631314)

Do you suppose Microsoft will try to enter this market, too?

Either way they win!

Kinda like how Bill Gates owns Apple stock.

What, you expected... (4, Funny)

Orrin Bloquy (898571) | more than 7 years ago | (#14630050)

...open source exploits for a commercial OS?

Joke, don't waste your mod points here.

Re:What, you expected... (1)

TubeSteak (669689) | more than 7 years ago | (#14630356)

GPLed exploit code

Googd luck trying to sue the bastards who modify but don't give back to the community.

Metasploit (0)

Anonymous Coward | more than 7 years ago | (#14630066)

Idiots should've used metasploit. It had it for a long time.

Access to this market (5, Funny)

davidgrouchy (661051) | more than 7 years ago | (#14630073)

Will my AT&T "platinum," "gold" and "silver" levels of Internet access provide access to this underground market ?

Re:Access to this market (2, Funny)

TubeSteak (669689) | more than 7 years ago | (#14630378)

Sorry, but no.

Just wait till you get your next AOL Platinum trial CD in the mail. Then you'll be good.

Ah, Windows (0, Offtopic)

Overly Critical Guy (663429) | more than 7 years ago | (#14630080)

As usual, Mac and Linux users are unaffected and wonder why everyone relies on such unreliable software. And the world turns...

Re:Ah, Windows (0)

Anonymous Coward | more than 7 years ago | (#14630109)

Nor my DOS computer

Windows Only? (5, Interesting)

ackthpt (218170) | more than 7 years ago | (#14630156)

As usual, Mac and Linux users are unaffected and wonder why everyone relies on such unreliable software. And the world turns...

So you think Mac and Linux are as unlikely to be unaffected by such?

While it might be hard to purposely code exploits into Windows and Mac, if you were an insider plotting to take advantage of it some day and don't mind losing your job over it. Isn't it more possible to pull a fast one on Open Source, assuming you covered your tracks well enough the few would find it on first glance.

I remember a mud client, early version of Tintin, IIRC, which would make all players shout "Snowy rules, OK" if a client saw some particular text. Not necessarily as bad as it could have been, someone could code the client to [remove all, drop all, flee] on a command if they had wanted. People only became aware of the stunt after the coder logged onto a mud and said "yo"

Re:Windows Only? (0, Flamebait)

Monkelectric (546685) | more than 7 years ago | (#14630239)

Haha you're the kind of person that thinks anyone cares what happens in a mud :)

Re:Windows Only? (4, Interesting)

user24 (854467) | more than 7 years ago | (#14630372)

Already tried - a little while ago someone tried to slip a backdoor into the linux kernel.

Fortunately, the backdoor was caught via exactly the kind of peer review that open source allows.

see http://kerneltrap.org/node/1584 [kerneltrap.org]

with open source, it's easier to get trojaned code in, but harder for it to stay there. on the reverse, who knows what could be lurking in MS code? I quote:

"A senior Microsoft Corp. executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."
(http://www.eweek.com/article2/0,3959,5264,00.asp [eweek.com] )

Re:Windows Only? (1)

DrSkwid (118965) | more than 7 years ago | (#14630712)

"A senior Microsoft Corp. executive told a federal court last week ..."

Did he say "we would dearly love to release our Source Code, but we can't because ..."

MS are convicted criminals. In legal speak you can't say "they are of good character" ergo, anything they tell you must be taken as a potential lie.

That Windows Source has undisclosed bugs and exploits is not news so they can use that information to their advantage, not anyone elses.

Re:Windows Only? (1)

Overly Critical Guy (663429) | more than 7 years ago | (#14630721)

So you think Mac and Linux are as unlikely to be unaffected by such?

Well, OS X at least, because any kind of system changes that are often required by these trojans to hook themselves into the system gives either a password prompt or just doesn't work at all. Root isn't even enabled on default installs of OS X. There's no registry to bury arcane system-hook entries in either.

I'd imagine in Linux such system attacks just don't work since they have no way to hook in and propagate, but it's been about a couple of years since I used Linux.

Re:Windows Only? (1)

TrancePhreak (576593) | more than 7 years ago | (#14630845)

Who needs root to email or wipe personal data? It's not really that simple of a question. It because quite a bit easier when one is found, but until then we can only wonder if it is possible.

Re:Windows Only? (4, Funny)

AndroidCat (229562) | more than 7 years ago | (#14630779)

I remember a mud client, early version of Tintin, IIRC, which would make all players shout "Snowy rules, OK" if a client saw some particular text.

Not unlike Slashdot where certain text will cause all readers to post "All your base", "Soviet Russia", "..only old people", "3. Profit!" comments.

Russians eh? (4, Funny)

Dragon of the Pants (913545) | more than 7 years ago | (#14630103)

In Soviet Russia, code exploits you!

Re:Russians eh? (4, Insightful)

dasnov (900499) | more than 7 years ago | (#14630129)

how many times will 'jokes' like this be modded funny?

Re:Russians eh? (1)

Hitokiri (220183) | more than 7 years ago | (#14630244)

I think they were moderating the sig.

Re:Russians eh? (2, Insightful)

miffo.swe (547642) | more than 7 years ago | (#14630277)

The whole point of jokes like that is they get funnier the more worn out and lame they get. They arent supposed to be funny in themselves. I suppose its a cultural thing. I cant stand slapstick and US humour with pie throwing and at the same time i cant understand why someone dont think the dead parrot with Monty Python is hilarious.

in soviet swedenuckistan... (0, Funny)

Anonymous Coward | more than 7 years ago | (#14630710)

....dead parrot bakes pie and throws it at YOU!

Re:Russians eh? (1)

blincoln (592401) | more than 7 years ago | (#14630738)

I understand this phenomenon, but I don't think the "in Soviet Russia..." joke is a good example of it. "No one expects the Spanish Inquisition!" is one that gets better every time IMO.

Re:Russians eh? (2, Funny)

MadUndergrad (950779) | more than 8 years ago | (#14631292)

Also the fact that things like the Spanish Inquisition are used so infrequently these days that when one actually is used it's that much more effective. Last time I said "supposing two carried it together" it got quite a few laughs.

Re:Russians eh? (1)

DrSkwid (118965) | more than 7 years ago | (#14630555)

for as long as they are funny

f007

Re:Russians eh? (0, Redundant)

caluml (551744) | more than 7 years ago | (#14630273)

In Soviet Russia, you exploit hackers!

Re:Russians eh? (0)

Anonymous Coward | more than 7 years ago | (#14630392)

Hey, that one isn't half bad. I like the ring of "exploit" in this context.

Re:Russians eh? (1)

user24 (854467) | more than 7 years ago | (#14630413)

don't you mean ex-Soviet?

---
and yes /. sometimes I *can* write a reply in less than 15 seconds.

Re:Russians eh? (1)

Wolvie MkM (661535) | more than 7 years ago | (#14630621)

Yes... That's what we wanted you to Believe!!

Re:Russians eh? (1)

BBobberson (922215) | more than 7 years ago | (#14630962)

Your comment is rated at 0!?

Does no one here watch the Simpsons [wikipedia.org] ?

what is the world coming to...

Oops... (0)

Pheersome (116234) | more than 7 years ago | (#14630136)

more proof

You misspelled "evidence".

Re:Oops... (0, Offtopic)

cburman (129701) | more than 7 years ago | (#14630326)

I just came up with the word "guessvertisement".

No, I don't know either.

Sorry.

I wonder.... (1)

up2ng (110551) | more than 7 years ago | (#14630146)

I wonder how much someone from an A/V company paid "Melissa" to leave the guy who wrote the virus/worm ?

Is it just me or does it seem like there is no money to be made with this "underground" stuff. $20 for Win NT/2000 source $4,000 for this.
Maybe he should sue Apple, I have to believe he bought an iPod with his new found treasure, and we all know it kills ears dead http://it.slashdot.org/comments.pl?sid=175984&cid= 14627254 [slashdot.org]

Biggest question (2, Funny)

cloudkj (685320) | more than 7 years ago | (#14630150)

My biggest question is, where is the eBay link to the sale?

And who is surprised (5, Interesting)

theCat (36907) | more than 7 years ago | (#14630171)

There have been shadowy glimpses of this "other economy" for a while, in the bot army cottage industry and the various rackets where popular sites are threatened with black-out if they don't pay for "protection". But all that is just the warmup to the big show.

Organized crime has found the internet, and they seem to like what they see. It's just like one huge, dark alley lined with endless smoke-filled lounges. Lots of seamy places to meet up. Anonimity if you want it. Under-the-table dealings. Faceless bosses and eager young turks with itchy trigger fingers.

The perfect growth media for scum and parasites.

Re:And who is surprised (2, Funny)

grasshoppa (657393) | more than 7 years ago | (#14630278)

Organized crime has found the internet, and they seem to like what they see. It's just like one huge, dark alley lined with endless smoke-filled lounges. Lots of seamy places to meet up. Anonimity if you want it. Under-the-table dealings. Faceless bosses and eager young turks with itchy trigger fingers.

The perfect growth media for scum and parasites.


You misspelled AT&T a few times in there.

Re:And who is surprised (2, Funny)

Amouth (879122) | more than 7 years ago | (#14630329)

oh be fair and leave the white house out of this.. you know W can't read

Re:And who is surprised (1)

WinterSolstice (223271) | more than 7 years ago | (#14630649)

So the internet is basically Tatooine? That rocks!

-WS

Re:And who is surprised (1)

corbettw (214229) | more than 7 years ago | (#14630687)

Organized crime has found the internet

I suddenly had a vision of Robert DeNiro in "Analyze This!", saying "Get with the times? What do you want to do, start a fuckin' web page?"

Re:And who is surprised (0)

Anonymous Coward | more than 7 years ago | (#14630693)

You forgot something important - the almost endless supply of rubes begging to be fleeced.

Re:And who is surprised (1)

the_furman (931683) | more than 7 years ago | (#14630786)

I think that you're taking the analogy way the hell too far. Think of it, this exploit was one of the more effective Windows exploits for a while - at least of those that I remember - and it sold for a measly 4000 bucks. This is way too little for any serious criminals to get involved. While I don't know the exact prices, I'm sure that it is much much easier to generate returns of this scale by selling small quantities of drugs, which is easier, takes much less education and skill, and is a lot less tracable. Once the figures jump by an order of magnitude or two, we can talk about serious organized crime. For now, it's still a loose network of antisocial teenagers with entirely too much time on their hands.

Re:And who is surprised (2, Insightful)

Dr.Syshalt (702491) | more than 7 years ago | (#14630970)

"Organized crime"? Oh, no. I know such guys - not in person, but I've had "talks" with them online - they are surprisingly blunt with us, russian security specialists and webmasters. They are mostly young (17-25) russians, living in exUSSR republics (Estonia, Ukraine), usually jobless - or even if they have a job, an income is usually very low. They are just geeks who have chosen a dark side of the Force.

Why would anyone pay when you can just simply... (0)

Anonymous Coward | more than 7 years ago | (#14630190)

... open up IE on a fresh Windows XP installation and let 'er rip!

really, you don't say? (1)

corbettw (214229) | more than 7 years ago | (#14630214)

It serves as more proof that the market for malware is well and truly alive.

No kidding, they've got a whole aisle over at Fry's for this stuff. No, not the anti-viral stuff. Look over in the office productivity and word processing section. They even bundle it together sometimes!

Security Through Obscurity, anyone? (1)

Grendel Drago (41496) | more than 7 years ago | (#14630228)

So, let's hear someone argue against full disclosure now, eh?

Re:Security Through Obscurity, anyone? (1)

borawjm (747876) | more than 7 years ago | (#14630280)

So, let's hear someone argue against full disclosure now, eh?

I'm fairly confident that Microsoft would not be able to keep up with the wave of bugs discovered once/if they do release their source. They have a hard time keeping up as it is.

Not that kind of full disclosure. (1)

Grendel Drago (41496) | more than 7 years ago | (#14630430)

I meant full disclosure as in releasing the details of an exploit as soon as it's found, instead of keeping it covered up until a fix is released.

Re:Security Through Obscurity, anyone? (1)

rbarreira (836272) | more than 7 years ago | (#14630897)

Well, there are two possibilities:

Either a white hat discovers a vulnerability when it's already known by some black hats or the vulnerabity isn't known by any blackhats yet.

In the first case, full disclosure means that everyone will know it, which will allow all the black hats to exploit the public with it before the company has a chance to fix it and deploy (or at least try) the fix. Those are the disadvantages - the only advantage I see is that no black hats will be able to make money selling the vulnerability information. Conclusion - the world loses, the black hats win.

In the second case, it's really the same as the first one, with the exception that no black hats were exploiting the vulnerability before.

What really are the advantages of full disclosure in your mind? I can only see it being useful on those cases where the vendor has known and ignored the vulnerability for months - it forces them to fix it and therefore improves the situation if the first case I presented is the true one for the vulnerability in question.

The hacking world. (2)

oztiks (921504) | more than 7 years ago | (#14630240)

It just goes to show how much the underground actually retains as far as exploit code is concered. Makes you think what else is circulating which the general public doesnt know about.

The War Against Spam (5, Interesting)

Phroggy (441) | more than 7 years ago | (#14630267)

This is a huge issue that the general public is completely unaware of. Most people still believe that viruses are created as an annoying prank by kids with something to prove. This may be true in some cases, but most of the malware out there now is created for a very specific purpose: building a botnet that can be sold for cold hard cash to the highest bidder. Who's buying them? Spammers.

It used to be that spammers would look for open relay servers in third-world countries, and let those servers do all the work of actually sending the messages. The server administrators either didn't care, or didn't know how to fix the problem, and the language barrier made things difficult. So, people started making blacklists of known open relays, and just refusing any mail that came from those IPs. Spammers would keep finding more open relays, and the blacklists grew.

Eventually, mail servers started coming pre-configured not to allow relaying, and as servers were upgraded, spammers had to move on. Spammers started commissioning worms, paying people to write software that would infect Windows machines remotely over the Internet, and open up a backdoor for the spammers to access. Suddenly you've got hundreds of thousands of IP addresses responsible for sending spam, with many of them on dynamic IPs. There's no good way to blacklist them all, since they keep changing!

Enter Windows XP Service Pack 2, with a software firewall enabled by default. As people upgrade, worms like Code Red and Nimda are no longer effective. So what's next? Spreading viruses through e-mail, IM, and the Web.

So, look for improvements in antivirus software in the next couple of years, as the war against spam continues. Then look for the spammers to find a new way to get their crap into your inbox.

Re:The War Against Spam (4, Insightful)

drinkypoo (153816) | more than 7 years ago | (#14630459)

Enter Windows XP Service Pack 2, with a software firewall enabled by default. As people upgrade, worms like Code Red and Nimda are no longer effective. So what's next? Spreading viruses through e-mail, IM, and the Web.

You left out something important: Outlook express would execute code by default, so email was kind of the de facto vector for virus propagation until they started closing down OE [somewhat] and that's when worms really took off.

Before that, it was mostly viruses attached to programs. You'd attach a new virus to some really desirable warez and upload the stuff to a BBS. The BBS owner would run the software and the virus would attach itself to lots of other software, any time they repacked it for their chosen archive format...

Re:The War Against Spam (1)

Phroggy (441) | more than 7 years ago | (#14630673)

Before that, it was mostly viruses attached to programs. You'd attach a new virus to some really desirable warez and upload the stuff to a BBS. The BBS owner would run the software and the virus would attach itself to lots of other software, any time they repacked it for their chosen archive format...

That was a different kind of virus, not sponsored by spammers. Back then, it really WAS created by kids with something to prove, and there was no money in it.

You're right about Outlook Express (although I think Outlook was even more vulnerable than OE was), but again, I think this was mostly before the spammers got involved.

Re:The War Against Spam (1)

AndroidCat (229562) | more than 7 years ago | (#14630730)

The BBS owner would run the software and the virus would attach itself to lots of other software, any time they repacked it for their chosen archive format...

I think you mean each time they inserted an advertisement for their BBS into every archive that passed through. It wasn't uncommon to download zips with ads for several different boards.

Re:The War Against Spam (1)

drinkypoo (153816) | more than 7 years ago | (#14630919)

Actually, you don't have to unpack a zip to add a comment. It's only if you're changing to rar/ace/zoo/whatever (I used LHA, in the short time I ran anything, but it was pre-RAR) that your executables are necessarily exposed.

DRM needed (5, Funny)

Anonymous Coward | more than 7 years ago | (#14630299)

Ironically, copies of the exploit were pirated by a group of Chinese hackers and sold on Ebay for pennies on the dollar...

A "Do we report it" Story (4, Interesting)

OctoberSky (888619) | more than 7 years ago | (#14630383)

This is one of those "Do we, the media, report it?" stories.
This article is pretty meaningless as far as the bigger picture goes, and it probably could have gone unpublished in my mind and no one would have really cared. But it may do more damage than good by being published.
This article shows, and maybe it's because I work with criminals all day (Public Defenders office), that writing malware pays. Before it was for notoriety or to prove you could or to piss people off, but now it can provide an income source and I think we will be seeing more of it from now on just because people are going to be trying to make a buck off of it.
We live in a socitey where a Million-Dolllar-Homepage gets filled (it recently did), where the Gotti family has its own TV show and where Carrot top is a rich man. Our lust for money leads us down the less then friendly paths, and this article reports, once again... that crime does infact pay.

Re:A "Do we report it" Story (1)

E-Rock (84950) | more than 7 years ago | (#14630620)

Yea, but everyone already knew that (crime pays). Luckily, finding security holes in products is hard work and that keeps most of the criminally inclined away.

Re:A "Do we report it" Story (1)

DrSkwid (118965) | more than 7 years ago | (#14630679)

You only have to look at the history of the world and where the govts. of Europe came from.

My govt. is the ashes of the 1066 invasion of England by France, definitely a crime. Our Royal Family are some of the world's richest people. They didn't amass that fortune through hard work, sweat and toil. Their ancestors killed people for it. Plain and simple.

Crime pays, it even pays you!

Re:A "Do we report it" Story (1)

odyaws (943577) | more than 8 years ago | (#14631143)

But it may do more damage than good by being published. This article shows, and maybe it's because I work with criminals all day (Public Defenders office), that writing malware pays. Before it was for notoriety or to prove you could or to piss people off, but now it can provide an income source and I think we will be seeing more of it from now on just because people are going to be trying to make a buck off of it.
Seems to me that the folks who are capable of writing (good) malware are likely to already be pretty aware of how well it pays. I'm not too worried about some common criminal reading this news and thinking "holy cow, there's a new career for me!"

Hmm.. (3, Funny)

punkr0x (945364) | more than 7 years ago | (#14630452)

So is windows exploits are worth $4,000 a pop, and Bill Gates is worth something like $50 billion, that adds up to... 12.5 million windows exploits. That number seems a little low, must be not all of them are worth 4 grand.

More expensive with Vista (2, Funny)

jbeaupre (752124) | more than 7 years ago | (#14630530)

It will cost an extra $500 to get set up to sign your malware in order for it to install. Good thinking Microsoft. That extra 12.5% tax will make it totally uneconomical.

2 weeks != a full month (2, Interesting)

unholy1 (764019) | more than 7 years ago | (#14630560)

From summary: "The first sign of an exploit was traced back to the December 1, 2005, a full month before anti-virus vendors started noticing mysterious WMF files rigged with malicious executable code."

From article: "The first sign of an exploit was traced back to the middle of December 2005, a full two weeks before anti-virus vendors started noticing mysterious WMF files rigged with malicious executable code..."

Oh... actually, to be fair, the article does carry on to say: "...it was most likely that the vulnerability was detected by an unnamed person around Dec. 1, 2005. However, it took a few days for the exploit enabling random code to be executed on the victim machine to be developed and put on the market."

meh. nm.

wizard (-1, Troll)

Anonymous Coward | more than 7 years ago | (#14630584)

Please pass, oh mighty wizard!

WMF? (0)

Anonymous Coward | more than 7 years ago | (#14630711)

Weapons of Mass Fraudulence?

D;oh (1)

stunt_penguin (906223) | more than 7 years ago | (#14630766)

I misread that as 'WMDs Exploit sold underground for $4,000'.

Of course, WMDs would read 'WMDs exploit sold by administration for $Several hundred billion '

Re:D;oh (1)

C-Diddy (755183) | more than 7 years ago | (#14630794)

How original. Zzzzz.

tr0llkore (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#14630791)

Become liKe they stagnant. As Linux BSD managed to make dead. It is a dead are tied rup in all along. *BSD sling, return it to

Amusing advert (3, Insightful)

eyepeepackets (33477) | more than 7 years ago | (#14630850)

How appropriate that a Microsoft "Get the Facts" ad should show up at the top of this particular page -- gotta love that Murphy guy when he works in your favor.

To the Microsoft Marketing folks: I'd trade you a fact for a clue but since you have neither facts nor clues I guess we won't be doing business any time soon.

Cheers.

Yuo FaIl IXt!? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#14630887)

share. *ObSD is [goat.cx]

OMG WTF H4X~!! (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#14630999)

I was promised strict confidentiality by the seller!

They didn't know how much it was worth (2, Insightful)

keen (86192) | more than 8 years ago | (#14631110)

According to Gostev, the rival hacker gangs did not seem to fully understand the exact nature of the vulnerability.

Otherwise it should have gone for much more than $4,000, even in a black market. Imagine an exploit where you can gain access to any Windows computer on Earth for the last several builds of Windows?

This is why we should set up companies to act as middleman and legitimately buy exploits. They would pay more and we would be able to get things patched quicker.

mIod down (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14631117)

but I'd rather he4r want them there.

unknown name? (4, Funny)

AyeRoxor! (471669) | more than 8 years ago | (#14631220)

"[...] the vulnerability was detected by an unnamed person around Dec. 1, 2005."

Ok, what are the chances that this person really has no name?!

I'm going to have to call shenanigans on this whole article.

They charged money for it? (1)

Gary Destruction (683101) | more than 8 years ago | (#14631266)

Whatever happened to hackers wanting all information to be free?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?