|
Silicon Valley Sleuth, an insiders view from Silicon Valley |
|
|
|
|
Friday, 03 February 2006 |
Exploits for the notorious WMF vulnerability in Windows were offered for sale in December for about $4,000. That is more than a month before Microsoft issued a patch and two weeks before virus hunters started noticing the potential flaw.
The evidence points to the existence of a market for zero day exploits. Such a market is nothing new, but it had disappeared for several months after several arrests in the US shut down most English-language sites. The WMF vulnerability however was offered for sales on a Russian site.
In a sense weve actually been lucky. Whoever discovered the flaw probably didnt really understand the exact nature of the vulnerability, security expert Gostev Alexander with Kaspersky Labs told eWeek. So instead of keeping the flaw to themselves, the hackers put it up for sale. If the authors had held on to their knowledge, they could have quietly built numerous small botnets. Now it took the anti-virus community only a few weeks to start notifying the surge in mysteriously acting WMF images.
If you arent scared yet about your online security, you should be. |