Skip the navigation

Russian hackers sold WMF exploit, analyst says

WMF hack peddled for $4,000 weeks before public knew

By Jeremy Kirk
February 3, 2006 12:00 PM ET

IDG News Service - Security vendor Kaspersky Lab Ltd. said it appears that two or three Russian hacker squads sold an exploit for the Windows Metafile (WMF) vulnerability that raised alarms in December.
Criminal gangs sold the exploit on specialized sites for $4,000, wrote Alexander Gostev, a senior virus analyst at Kaspersky, in a report on virus activity for the last three months of 2005. It appears that someone discovered the vulnerability around Dec. 1, and exploit code emerged shortly afterward, Gostev wrote.
One of the purchasers of the exploit was involved in the adware and spyware business, according to Gostev.
No patch existed for the WMF vulnerability when it was publicly detailed, he wrote. Microsoft Corp. initially told customers around the end of December to wait for its monthly patch update in January, while security researchers warned that the flaw could be used to steal data on infected machines and to have those computers send spam.
Security analysts also endorsed an unofficial patch created by programmer Ilfak Guilfanov. Microsoft ended up issuing a patch ahead of its regular schedule after critics argued that the delay was giving hackers more time to work.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies