Hackers sell 0day exploit for MS Vista
Blackhat hackers are on the strike: According to Eweek, there are people attempting to sell an unconfirmed zero day exploit to the tune of $50,000 big ones. The Windows Vista exploit-which has not been independently verified-was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.
In an interview with eWEEK, Trend Micro’s chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code. Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.
Genes said the average prices for credit card and bank log-in data can vary dramatically, depending on the bank’s brand and the way the data is mapped to names, Social Security numbers, dates of birth and physical addresses. A custom Trojan capable of stealing online account information can be bought for between $1,000 and $5,000, while a botnet-building piece of malware can cost between $5,000 and $20,000, Genes said.
And that’s only top of the glacier – these people go way further, selling literally everything. Credit card numbers with valid PINs are sold for $500 each, while billing data that includes an account number, physical address, Social Security number, home address and birth date can be found for between $80 and $300. The auction marketplace is also selling driver’s licenses for $150, birth certificates for $150, Social Security cards for $100, and credit card numbers with security code and expiration date for between $7 and $25. PayPal or eBay account credentials are available for $7. That’s really crazy :-/.
Comments(17)
okay that’s fucking sick, why doesn’t anyone do something about it?
You could do something about it, for instance by using a secure OS, maybe OpenBSD. If there is no supply for exploits, there is no market …
Why does everyone always harp on about Windows insecurity problems? Any OS with the market penetration windows has would suffer security problems. The reason your beloved OpenBSD, Linux, OSX etc don’t suffer in the same way is because 95% of the world don’t use those OS’s.
They sell “Russian brides” and yet this surprises people? And ranger is right, use a more secure OS. If you must use windows for games then don’t connect it to the internet. Must play online? Build a gaming windows computer for just that. Use that other box with a more secure OS for your other needs.
Though even then, who’s to say they aren’t obtaining the info from a higher source like the ISP itself? You should most likely get pay for a full credit report every 5 years anyhow and only use a very few credit cards with good protection regardless of even being online or not. Don’t worry bout it so much and just enjoy the humor in our messed up world’s culture(s).
Note: Bout the credit report, it’s not uncommon people with the same name living anywhere in the world get linked to your own credit and so forth. You’re screwed no matter what you do so don’t be too anal bout life, that’s just making you a bigger target. *cough*
thats impossible !! Vista is unhackable and none crackable….NOT
ROFL
well,ill keep saying to my self,its RTM
lol
Any OS getting 90%+ of the market is unhealthy. What if one car maker (Microsoft) sold 90% of all cars, another (Apple) with 5% and the last (Unix/Linux) 5% sold by fringe OS makers. It just wouldn’t be a healthy car market place. I prefer the many auto makers we have now. Another way to think about it, if Microsoft was a Chinese corporation, would you still be ok with it? (China does manufacture most of the worlds PCs/Macs/laptops & computer components.)
Fairly disturbing stuff right here … wow!
lol k where do i buy
why can’t they just bomb that place? or at least arrest them. or wait, how about just shoot off their kneecaps. i’ll settle for some maiming.
i think i’m going to change my name to Dick Von Cockenheim just to make sure no one else has the same name as me. googling my name, i’ve found more than a few “famous” people with the same name. d’oh.
Get a more secure OS
. That was a good one. You people don’t feel the security fobia around the world. If there woren’t any trojans viruses etc. or articles like that, why would anyone buy McAfee or Norton or any other anti-virus or anti spyware? Anyway, I think WINDOWS is secure enough, and if OSX or any distribution of linux would have the same amount of market share, they would be “insecure” too. BTW: do you people know how long it takes to hack a mac? One minute top.
fuckin leeches
‘a more secure OS?’
Obviouslt you havent heard what a PoS iptables is!
Hay,
…..ahahhahahaha…..funny shit though….i think, hay, if they can obtain your information…good for them…they are entitled to it and you are entitled for abuse for being so gulable 
….ahahahhaha
yeah i wanna know where i can buy these things….funding could come in handy next time i need to stock up on arsnal against the capitalist supression
Peace out.
its a bit stupid considering the whole point of a private exploit is that its private. Most private exploits are circulated on private forums and so any exploit you have may have a couple of hundred people using it max. You ‘pay’ for the information by contributing your own exploits/white papers to maintain your membership.
Buying such things from ebay would be a waste of time. And a bit noobish in all honesty. Becuase within a couple of weeks so may people will have access to the exploit all the boxes will be patched.
This is nothing new, these “auctions” have been going on for years, identity theft anyone?