Russian hackers sold WMF exploit

In a worrying new trend, criminal gangs are selling malware source code that exploits flaws such as the recent WMF vulnerability.

Anti-virus company Kaspersky Labs said it found evidence of hackers building bespoke zero-day malware for the Russian criminal underworld. It added that work began on the exploit code at the beginning of December and that, after a couple of weeks, the developed code was on sale at a number of criminal websites.


"It seems that two or three competing hacker groups from Russia were selling this exploit for $4,000. Interestingly, the groups don't seem to have understood the exact nature of the vulnerability," said the report.

It seems that one of the purchasers is involved in criminal spyware, and the report said this was the likely reason the exploit went public. The report said it didn't know who discovered the vulnerability but did know who was involved in creating and distributing the exploit and subsequent modifications.

"The data we have, plus the Russian involvement, make it clear that information about the vulnerability was not passed to companies such as eEye or iDefense," said the report's authors.

"Firstly, the hacker groups didn't understand exactly how the vulnerability functions, and secondly, the exploit was created in order to be sold on to cyber criminals. Thirdly, research bodies did not have information about the fact that the exploit was being sold, due to the fact that it was created for the Russian market," it added.

Copyright © SC Magazine, US edition