Windows Vulnerabilities for Sale -- Redmondmag.com

Windows Vulnerabilities for Sale

By Michael Desmond
03/01/2006

When the WMF zero-day exploit emerged for a previously unknown Windows flaw, it prompted a lot of concern. After all, the lack of advance warning meant that PC owners were unable to harden their PCs against the attack. That concern took on a new tenor when researchers at Kaspersky Lab discovered that hackers had been selling the exploit on the black market for as much as $4,000.

For Shane Coursen, senior technology consultant for Kaspersky, the discovery is part of a larger trend. "We really started seeing [this activity] ramp up early last year. To somebody in our field, it comes as no surprise whatsoever."

According to Kasperky, hackers in Russia started working in early December to develop an exploit against a flaw in the graphics handling engine of Windows. Within a week or so, the group crafted WMF files that would allow code to execute on Windows PCs. The exploit turned up for sale from at least two different groups around the middle of December.

Security firm F-Secure reported the existence of the WMF exploit on Dec. 27. Microsoft produced a patch for the flaw on Jan. 5, a few days ahead of the scheduled Patch Tuesday release.

The timeline underscores an undeniable trend in malware activity. "What these guys are doing is writing these little programs to be used for little more than Internet crime and financial gain," Coursen says.

Spyware and adware companies tap the secretive market for black-market malware to spread their wares, Coursen says. The WMF exploit, for instance, was used to install a variety of spyware packages, including one that posed as anti-virus software. The demand makes for a thriving black market in code exploits.

"These adware companies are hiring professional programmers to write programs that are able to bypass security measures, and they are paying pretty top dollar for their skills," says Coursen, who calls the $4,000 price tag for the WMF exploit "a steal."

Microsoft is striving to combat the issue with initiatives like Trustworthy Computing and the Secure Development Lifecycle (SDL), which employs rigorous security planning and review in the code design process. The goal is to eliminate flaws such as the one exploited by the WMF malware.

Coursen lauds the Microsoft effort, but he's not getting his expectations up. "I think we can look forward to less exploitable code, but something that is completely unexploitable? No, we'll never see that."

About the Author

Michael Desmond is an editor and writer for 1105 Media's Enterprise Computing Group.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.