Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: exploits for sale

  1. #1
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default exploits for sale


  2. #2
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    big lol.........nothing else to say.....it's a pity........
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Hackers Selling Vista Zero-Day Exploit
    By Ryan Naraine
    December 15, 2006
    5 comments posted
    Add your opinion



    Underground hackers are hawking zero-day exploits for Microsoft's new Windows Vista operating system at $50,000 a pop, according to computer security researchers at Trend Micro.

    The Windows Vista exploit—which has not been independently verified—was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the Tokyo-based anti-virus vendor.

    ADVERTISEMENT In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.

    Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.

    For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet's Security IT Hub.

    The Trend Micro discovery highlights the true financial value of software vulnerability information and serves as further confirmation that a lucrative underground market exists for exploit code targeting unpatched flaws.

    Back in December 2005, researchers at Kaspersky Lab in Moscow found evidence that the exploit code used in the WMF (Windows Metafile) attack was being peddled by Russian hacker groups for $4,000.

    However, according to Genes, the typical price of a destructive exploit has increased dramatically, driving an underground market that could exceed the value of the legitimate security software business.

    "I think the malware industry is making more money than the anti-malware industry," Genes said.



    Trend Micro's researchers also found the underground marketplace saturated with personal data stolen in phishing attacks and virtual currency hijacked from online gamers.

    Genes said the average prices for credit card and bank log-in data can vary dramatically, depending on the bank's brand and the way the data is mapped to names, Social Security numbers, dates of birth and physical addresses.

    A custom Trojan capable of stealing online account information can be bought for between $1,000 and $5,000, while a botnet-building piece of malware can cost between $5,000 and $20,000, Genes said.



    Credit card numbers with valid PINs are sold for $500 each, while billing data that includes an account number, physical address, Social Security number, home address and birth date can be found for between $80 and $300.

    The auction marketplace is also selling driver's licenses for $150, birth certificates for $150, Social Security cards for $100, and credit card numbers with security code and expiration date for between $7 and $25.

    PayPal or eBay account credentials are available for $7, Genes said.

  4. #4
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    OMFG!! Selling -=Xploitz=-??

    This could be really bad news for us. You don't see "White Hats" selling security patches now do you?? I for see dark days indeed for us all.

    "Beware the Ides of March!"
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  5. #5
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    The article is from the perspective of the CTO of an anti-virus company.

    He says "I think the malware industry is making more money than the anti-malware industry."

    This is nothing new, just a play to convince the sheeple to pay more money for anti-virus products that don't work. "Who wouldn't pay $## a year to guard against $30,000 exploits!"
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  6. #6
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by theprez98 View Post
    This is nothing new, just a play to convince the sheeple to pay more money for anti-virus products that don't work.
    I hope your right.




    Quote Originally Posted by theprez98 View Post
    "Who wouldn't pay $## a year to guard against $30,000 exploits!"
    I wouldn't, cause I know certain "secretes". But then again, I'm a special case.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  7. #7
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    I don't see this as anything but a bad thing for everyone except the ones making money out of these exploits.

    With a bit of luck it will just die out, or better still, shut down and an example made of the people involved.

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default milw0rms answer

    This just posted today. The milw0rm hactavists have decided to post expoloits faster than normal for public use in order to devalue the one being auctioned. I take back every thing bad I said about those guys Theyre ok with me. here is the documentation if any one is interested. If I dont know you dont bother PM ing me for a how to

    I did check the bidding though at it is NOW at $0.00 since the public release of the exploit

  9. #9
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by purehate View Post
    This just posted today. The milw0rm hactavists have decided to post expoloits faster than normal for public use in order to devalue the one being auctioned. I take back every thing bad I said about those guys Theyre ok with me. here is the documentation if any one is interested. If I dont know you dont bother PM ing me for a how to
    Gotta love the free market.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  10. #10
    Just burned his ISO
    Join Date
    May 2007
    Posts
    1

    Default packetstorm own it!

    packetstorm own it!

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •