What's a Vista zero-day exploit worth? Try $50K

Summary:Trend Micro has stumbled upon an auction style marketplace where zero-day exploits for Microsoft's Vista operating system are going for $50,000.The marketplace, reported by eWeek's Ryan Naraine, illustrates that no matter how much Microsoft has beefed up Vista's security the bulls-eye remains on the company's back.

Trend Micro has stumbled upon an auction style marketplace where zero-day exploits for Microsoft's Vista operating system are going for $50,000.

The marketplace, reported by eWeek's Ryan Naraine, illustrates that no matter how much Microsoft has beefed up Vista's security the bulls-eye remains on the company's back.

And the stakes are getting higher. Naraine reports:

"In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.

Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said."

Using that formula as a template it would stand to reason that hackers could peddle their Word zero-day exploits for more than, say an Apple OSX hack. Financial motive goes along way to explaining why Microsoft is targeted so much (of course shoddy coding helps too).

In other words, there's a vicious Microsoft security cycle that's going to be damn near impossible to break. Microsoft has the most market share, it has the most popular software and hackers can get more money for exploits that do the most damage. Scary stuff. Once the consumer version of Vista hits the street we'll really get to see how Microsoft's security improvements will hold up.

Topics: Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.