Hacker groups in Russia were trying to sell exploit code
for the recent Windows Meta File flaw before it was even discovered
by security software companies.
Russian-based internet security software company Kaspersky Lab
said some hackers were attempting to sell the malicious code for
around £2,500 before the flaw was exploited by remote attackers
just after Xmas.
Kaspersky said in a quarterly security report that hackers were
successful in selling the exploit code to a “criminal
adware/spyware business,” which used the code to distribute its
rogue software on users’ machines without them knowing.
Microsoft patched the WMF flaw in the new year, after being
pressured by the internet security community over the serious
threat posed by the vulnerability.
Microsoft was originally going to delay a patch until its
monthly scheduled security release date, but was persuaded that
widespread WMF attacks were imminent.
The fact that “for sale” exploit code was available for a flaw
not already discovered by the internet security market could
illustrate a worrying trend, said Kaspersky.