What's a Vista zero-day exploit worth? Try $50K

Trend Micro has stumbled upon an auction style marketplace where zero-day exploits for Microsoft's Vista operating system are going for $50,000.

The marketplace, reported by eWeek's Ryan Naraine, illustrates that no matter how much Microsoft has beefed up Vista's security the bulls-eye remains on the company's back.

And the stakes are getting higher. Naraine reports:

"In an interview with eWEEK, Trend Micro's chief technology officer, Raimund Genes, said prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range, depending on the popularity of the software and the reliability of the attack code.

Bots and Trojan downloaders that typically hijack Windows machines for use in spam-spewing botnets were being sold for about $5,000, Genes said."

Using that formula as a template it would stand to reason that hackers could peddle their Word zero-day exploits for more than, say an Apple OSX hack. Financial motive goes along way to explaining why Microsoft is targeted so much (of course shoddy coding helps too).

In other words, there's a vicious Microsoft security cycle that's going to be damn near impossible to break. Microsoft has the most market share, it has the most popular software and hackers can get more money for exploits that do the most damage. Scary stuff. Once the consumer version of Vista hits the street we'll really get to see how Microsoft's security improvements will hold up.