Criminal gangs are selling malware source codes to exploit flaws such as the recent WMF vulnerability in a worrying new trend.
According to anti-virus company Kaspersky Labs, it found evidence of hackers building bespoke zero-day malware for the Russian criminal underworld. It added that work began on the exploit code at the beginning of December and after a couple of weeks the developed code was on sale at a number of criminal websites.
"It seems that two or three competing hacker groups from Russia were selling this exploit for $4,000. Interestingly, the groups don't seem to have understood the exact nature of the vulnerability," said the report.
It seems that one of the purchasers is involved in criminal spyware and the report said this was the the likely reason for the exploit went public. It said it didn't know who discovered the vulnerability but did know who was involved in creating and distributing the exploit and subsequent modifications.
"The data we have, plus the Russian involvement, make it clear that information about the vulnerability was not passed to companies such as eEye or iDefense," said the report's authors.
"Firstly, the hacker groups didn't understand exactly how the vulnerability functions, and secondly, the exploit was created in order to be sold on to cyber criminals. Thirdly, research bodies did not have information about the fact that the exploit was being sold, due to the fact that it was created for the Russian market," it added.
