$50,000 for a Windows Vista zero-day exploit. The 0-day exploits have not been released in the wild but are, instead, made an integer part of the underground Internet commerce. The Proof of Concept code for an exploit affecting Microsoft’s latest operating system can cost as much as $50.000.
As far, neither the exploit nor the PoC for Windows Vista have been submitted to an independent evaluation process. In this context, the authenticity of the Windows Vista 0-day exploit has not been confirmed from any sources aside from its creators. Microsoft has, as yet, failed to issue an official comment.
Trend Micro’s chief technology officer, Raimund Genes confirmed to eWEEK that Trend Micro was able to verify that the 0-day Vista exploit was indeed available for sale on an auctioning marketplace online. The consistent amount for which the 0-day exploit is being auctioned is an indication of the fact that the vulnerability at its basis allows for remote code execution.
Prices for similar code execution vulnerabilities that have not been patched by the developers range from $20,000 to $30,000. As a general rule, the more popular the software, the higher the price. Raimund Genes revealed that bots and Trojan downloaders targeting the Windows operating system have an estimated price of $5,000.
This kind of underground commerce mirrors the fact that the malware environment has geared from a destructive, viral aspect, to a lucrative market. “I think the malware industry is making more money than the anti-malware industry,†Genes commented.