Thread: exploits for sale

  1. #11
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    11

    This is pure sensationalism.

    You don't see "White Hats" selling security patches now do you
    Yes I do.

    Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said.
    There are countless bots that got their source leaked; why would someone in the world pay $5,000 for something that can be acquired in 3 - 5 minutes using Google?

    The Trend Micro discovery highlights the true financial value of software vulnerability information and serves as further confirmation that a lucrative underground market exists for exploit code targeting unpatched flaws.
    This information is probably like their anti-virus that by default after automatically updating would reboot the computer without consulting the user, average of 1 - 3 updates / random reboots a day.

    A custom Trojan capable of stealing online account information can be bought for between $1,000 and $5,000, while a botnet-building piece of malware can cost between $5,000 and $20,000, Genes said.
    Just like the botnet virus, there are also open source screen keyloggers. The problem is that the banks keep updating to break the KL screen centralization, so some shitty coder has to update it, but as all spammers/bankers are dumb lamers (by the way, that's why they are spammers) they have to pay someone to do it...

    Now $20,000 for a botnet 'builder'???
    Please, my email address is wuefez@2die4.com, I only do it for $19,000.....
    </sarcasm>

    Credit card numbers with valid PINs are sold for $500 each, while billing data that includes an account number, physical address, Social Security number, home address and birth date can be found for between $80 and $300
    $500 for a ****ing CC? In the real world a CC is only $5, it's just a waste of time to continue reading this............

    Sorry for my poor English again.........
    // Wuefez

  2. #12
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    I just have one free word... rootkits. Build them yourself and save $5000
    dd if=/dev/swc666 of=/dev/wyze

  3. #13
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    lol ......

    if I had paid for any of those tools, I would be homeless......

    best thing is to use OSS tools and to code your own
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  4. #14
    Junior Member
    Join Date
    Aug 2007
    Posts
    40

    This has actually been going on for some time now. At Defcon two years ago there was an FBI agent that gave a rather detailed lecture on the topic. Considering that Spam / Malware is a billion dollar a year industry, it's still very cost effective to pay the prices quoted above. The better coders even have professional quality commercials that they release on these underground sites that advertise their Malware's benefits (i.e., undetected by which major anti-virus products, etc).

    More recently this type of service has even become available to White Hat hackers, at least in that they can legally sell unknown exploits that they have discovered. In most instances, I believe the buyers are very large corporations and federal government agencies.

    Personally, I'm ok with White Hat hackers legally selling exploits they have discovered. Hopefully they take that $5,000 to $80,000 they make and use it to better fund their next project, or even quit that day job and do security research as a full time job instead of a late night hobby. This is of course just my opinion. I know no one asked for it, but it was free so the price was right. ;-)

  5. #15
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    11

    WSLabi...
    Legal? Yes.
    But Ethical?

    What do you guys think of a site that sells unknown exploits to anyone who has the money to pay for them?

  6. #16
    Junior Member
    Join Date
    Aug 2007
    Posts
    40

    Just to be clear, Wslabi does not sell exploits to 'anyone' with enough money. There is a process to verify prospective buyers. Is this process adequate? I'm uncertain as there isn't a full level of disclosure about it. Also, Wslabi is not the first organization to pay for unknown exploits. iDefense and TippingPoint both offer to buy unknown exploits as well.

    So to answer your original question of ethics... No, I would not consider it ethical to sell exploits to 'anyone' who has enough money. However, I would consider it ethical to sell an unknown exploit to iDefense, TippingPoint, or any law enforcement / intelligence agency. My vote is still out on Wslabi since they have still not disclosed enough information about how they verify prospective buyers to make me feel comfortable that I would be acting responsibly by selling through them.

    An interesting topic that hopefully we can continue to move forward with in the spirit of friendly debate.

  7. #17
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    I know they are not the first ones to sell exploits, I just thought that the idea of selling exploits had been squashed. For me there is no debate: selling proof of concept of an exploit is totally ethically and morally wrong. I don't care who buys it. Anyway, the point of the original post was to show that milw0rm and other groups have pledged to devalue any exploits for sale by posting them earlier than normal.
