- Jun 9, 2013
- 6,720
Someone is selling an exploit for a Windows zero-day on an underground market for Russian-speaking cyber criminals, and the current price is set at $90,000.
Trustwave researchers have discovered the advertisement in early May and believe it to be genuine, although they point out that it’s impossible to know for sure unless one buys the exploit and tries it out.
“Zero days have long been sold in the shadows. In this business you usually need to ‘know people who know people’ in order to buy or sell this kind of commodity. This type of business transaction is conducted in a private manner, meaning either direct contact between a potential buyer and the seller or possibly mediated by a middle man,” they explained, and noted that this particular offer is definitely an anomaly.
“It goes to show that zero days are coming out of the shadows and are fast becoming a commodity for the masses, a worrying trend indeed,” they added.
The exploit in question is for a Local Privilege Escalation (LPE) vulnerability in Windows and, the seller claims, it works on all versions of the OS, including Windows 10 and Windows Server versions, and all OS architectures.
Full Article. Windows zero-day exploit offered for sale on underground market - Help Net Security
Trustwave researchers have discovered the advertisement in early May and believe it to be genuine, although they point out that it’s impossible to know for sure unless one buys the exploit and tries it out.
“Zero days have long been sold in the shadows. In this business you usually need to ‘know people who know people’ in order to buy or sell this kind of commodity. This type of business transaction is conducted in a private manner, meaning either direct contact between a potential buyer and the seller or possibly mediated by a middle man,” they explained, and noted that this particular offer is definitely an anomaly.
“It goes to show that zero days are coming out of the shadows and are fast becoming a commodity for the masses, a worrying trend indeed,” they added.
The exploit in question is for a Local Privilege Escalation (LPE) vulnerability in Windows and, the seller claims, it works on all versions of the OS, including Windows 10 and Windows Server versions, and all OS architectures.
Full Article. Windows zero-day exploit offered for sale on underground market - Help Net Security