By Greg Sandoval, 3 February 2006 08:50
Competing hacker groups in Russia were peddling the exploit code responsible for the Windows Meta File (WMF) attacks last December for $4,000, according to security company Kaspersky Labs.
According to a Kaspersky quarterly report released this week: "One of the purchasers of the exploit is involved in the criminal adware/spyware business. It seems likely that this was how the exploit became public."
The WMF flaw unsettled security experts after they found that the virus-writing community had discovered the vulnerability before they did. A slew of Trojan programs were written to try to take advantage of the exploit.
A statement on the Kaspersky Labs site said more than a thousand instances of malicious code were detected in a week. "As the vulnerability was present in all versions of Windows, the situation threatened to spiral out of control."
According to Kaspersky, the situation was mitigated by the holiday season, when internet use was much lighter than normal.
When the corrupt WMF files finally came to the attention of anti-spyware experts, they were traced back to websites known to spread advertising software surreptitiously to computers.
Security companies have lamented the practice by some web advertisers of paying others to distribute their software. Some of the more unscrupulous among them are in the business of distributing exploits that facilitate the spread of adware without the knowledge of computer users.
Greg Sandoval writes for CNET News.com

Comments
There is 1 comment.
1. Martin Lukes
Windows Has Flaw!!! Hold the front page!!!!!
So stop using Windows.
This isn't really difficult, is it? It's notoriously leaky, the barrier to entry is far too low for a business system and it was never supposed to be one in the first place. Cheap output means cheap input. That's called real life. Unless you really, truly believe that the first objective of any business is to help its customers, rather than make a profit, then you ought to know you get what you pay for. It might help if anyone ever had a look at TCO in any real sense, including IT support time, salaries, holidays, pensions and tax.
If you don't want your machines falling over all the time, stop using a system you know from your own experience fails and keeps on failing. You would not put up with a car that did this. Nobody owes Microsoft anything. There is an alternative.