February 03, 2006

Exploit Ebay

A couple of weeks ago I wrote about the WMF Exploit that affected users of Microsoft Windows and would allow for mal-ware to be installed by simply viewing a malicious picture file. E-Week this morning has uncovered a story that this exploit was selling on via the "underground" a full two weeks prior to the exploit being publicly noticed. The exploit first uncovered by people who produce malicious code was up for auction a couple of weeks before anti-virus vendors were aware there was a problem.

For $4000 a spy-ware distributor could buy the exploit code and then have the perfect vehicle to distribute his or her wares. According to the article the exploit was first purchased in early December and days later it was on the web infecting random machines. Luckily the people who discovered the vulnerability were unaware of its full potential and thus only the exploit code was up for sale. If they had taken the time to develop a proof of concept this could have been much worse. As it was according to the eWeek article the lead time that the spy-ware distributor who purchased this exploit code enabled him or her to infect thousands of computers with over a 1000 exploited image files found online.

What is most chilling about this article is that it confirms a growing concern among security professionals that exploits are going up on the auction block. While this is nothing new; underground websites and IRC have long been places where script kiddies and others could get exploit code. However the organization is beginning to develop. There is big money in spy-ware and mal-ware and as such other secondary support channels are beginning to arise. I would not be surprised if in the next couple of years there will be a virtual exploit eBay with both exploit code and proof of concept code on the auction block.

 

Researcher: WMF Exploit Sold Underground for $4,000

February 03, 2006 in Exploit Watch, Security | | Comments (0)

February 02, 2006

Winamp Exploit Installs Spysherrif and CWS

The awesome folks over at Sunbelt are reporting that users of the popular Winamp software who failed to upgrade to resolve a recent exploit (I mentioned earlier this week), can expect to have CWS (cool websearch) and Spyware Sherrif drive by installed on their system. Apparently after going to a nasty website a malicious playlist is loaded and immediately after it loads remote code executes installing these nasty softwares on your system. So if you use Winamp and haven't updated yet do so immediately.

Update Winamp

Sunbelt BLOG: Winamp exploit found in the wild

February 02, 2006 in Exploit Watch, Spyware | | Comments (0)

January 30, 2006

WinAmp Vulnerability Resolved Exploit Released Same Day

I wrote earlier today about an exploit that effects users of the Winamp software. Unfortunately a same day exploit that allowed for remote code execution was also released. To WinAmp's credit they have resolved the problem and released an update for their users.

To recap the vulnerability affected users of the WinAmp software who downloaded a malformed playlist with a file size to large or name that is over 1024 characters this flaw caused a buffer overflow that caused the WinAmp software to exhaust system resources eventually forcing a reboot. Exploit code which allowed a user to remotely execute code was also released today. Given that this effects current and older versions of WinAmp it is highly reccomended that if you use WinAmp you update as soon as possible.

WinAmp Update Released

Winamp, Shoutcast exploits released same day

January 30, 2006 in Exploit Watch | | Comments (0)

My Photo

Search This Blog

Subscribe

Categories

June 2006

Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

Archives

Blog Worm

  • Infected by Blog.Worm

    Please note this not a real virus but only an embeded GIF file meant for humor.

      Blog.Worm

Other Blogs of Note

Creative Commons