Short Bytes: A hacker is selling a dangerous zero day vulnerability on a Russian cybercrime website. This exploit is said to be affecting more than 1.5 billion Windows users as it works on all version of Windows. The hacker wishes to sell the complete source code and demo of the exploit to any person who pays him $90,000 in bitcoin.
In turn, this has resulted in an increased number of attacks on personal computers, enterprises, and financial institutions. These days, if a hacker is good at creating malware and exploits, he/she can make it a profession and provide services to others with low risk.
A similar case has popped up on a Russian cybercrime website. A hacker who goes by the name BuggiCorp is offering a Windows zero-day vulnerability that affects all versions of the operating system.
This listing was discovered by the security firm Trustawave, who found that the hacker was selling the exploit for $95,000. The advertisement was recently updated with a new price of $90,000.
The zero day being sold deals with Local Systems Privilege escalation
While the usual zero day exploits deal with Remote Code Execution, this zero day bug deals with a Local Systems Privilege escalation. Compared to other types of coveted malware, the privilege escalation could be used to launch any type of attack.
As expected, BuggiCorp wants the payment in Bitcoin. In his advertisements, he makes clear that the exploit works on all versions of Windows, which means that it may affect more than 1.5 billion Windows users.
He also promises to sell the exploit to a single person along with a fully-functional demo, complete exploit code, a Microsoft Visual Studio project file, and free updates for future versions of Windows.
Trustwave has notified Microsoft’s security team regarding the zero day bug and we expect some quick action.
Did you find this article interesting? Don’t forget to drop your feedback in the comments section below.