Underground hackers are hawking zero-day exploits for Microsoft's new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.
The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.
In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.
Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.
[...]
A custom Trojan capable of stealing online account information can be bought for between $1,000 and $5,000, while a botnet-building piece of malware can cost between $5,000 and $20,000, Genes said.
Credit card numbers with valid PINs are sold for $500 each, while billing data that includes an account number, physical address, Social Security number, home address and birth date can be found for between $80 and $300.
The auction marketplace is also selling driver's licenses for $150, birth certificates for $150, Social Security cards for $100, and credit card numbers with security code and expiration date for between $7 and $25.
PayPal or eBay account credentials are available for $7, Genes said.
-------------------------
(Props to my friend Fergie for the find)
i wouldn't be surprized if this 0day exploit would be nothing than a simple phrank, really
ReplyDeleteQuite possible, but as we have already seen vulnerabilities in IE7 and Vista, it wouldn't really shock me to see a real Vista zero-day for sell.
ReplyDelete