Exploits for the Windows .wmf vulnerability are being developed for the Russian market
Hackers are tailoring and selling zero-day malware for specific markets

Hackers writing zero-day malware to order

2005 was watershed year for zero-day exploits, warns security firm

William Eazel, vnunet.com 04 Feb 2006

Russian security company Kaspersky Lab has discovered a worrying phenomenon in the wake of Microsoft's security gaffe over the .wmf exploit at the end of last year, claiming that hackers are tailoring and selling zero-day malware for specific markets.

Kaspersky claims that exploits for the .wmf vulnerability that emerged over Christmas were being developed specifically for the Russian market, away from the eyes of security companies.

"Around the middle of December, this exploit could be bought from a number of specialised sites," the company said.

"It seems that two or three competing hacker groups from Russia were selling this exploit for $4,000. One of the purchasers is involved in the criminal adware/spyware business, and it seems likely that this was how the exploit became public."

A watershed was reached at the end of 2005, according to Kaspersky. There were two critical vulnerabilities in Windows, a month apart, which were publicised before a patch was made available. Both vulnerabilities were exploited by malicious programs almost immediately.

In November, a research group known as 'Computer Terrorism' published a proof-of-concept exploit for the JavaScript processing function 'window()', which would run on a fully patched version of Internet Explorer.

Microsoft had known about the bug, but had not rated it a priority as it had discovered no serious exploit.

However, Computer Terrorism understood the vulnerability better than Microsoft and tweaked the code to install and execute a file on a victim system without the knowledge or consent of the user.

A week later, exploits surfaced on the internet. "This was the first case in which a Trojan exploited a vulnerability in Windows for which no patch existed," Kaspersky said.

The situation was repeated in late December when the .wmf exploit surfaced. "It was clear that this was the latest zero-day vulnerability, and Microsoft knew nothing about it," said Kaspersky.

"The most worrying thing is that the virus writing community not only detected this vulnerability before Microsoft, but before any other major company specialising in the identification of vulnerabilities."

