Russian hacker groups sold .WMF exploit for $4,000

Posted on Sunday, February 05 2006 @ 22:24 CET by Thomas De Maesschalck
Remember the extremely critical Windows .wmf exploit from a few weeks ago? According to Kaspersky Labs these exploits were offered for sale by two or maybe three competing Russian hacker groups for $4,000. But according to the reports the hackers didn't really understand the nature of this exploit.

One of the purchasers of the code was a criminal ad-ware/spyware business, and it looks like this was how the exploit became public.
It claims that the flaw which was only patched by Microsoft in early January was probably first discovered at the start of December, and by a virus writer rather than a security researcher.

If true, this challenges the disclosure argument. Those that made the information on the flaw and exploit code public were slammed by Microsoft and the security community at the time. But if that information had been kept strictly within hacking circles, Microsoft may not have even heard of the problem while its customers were being infected with viruses.
More info at PC Pro. This vulnerability has been patched by Microsoft on January 6th.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments