Thursday, November 19, 2015

The 0days seller Zerodium publishes his price list and there are some surprises

What would you say is more expensive: an exploit which attacks an unknown failure in the Tor browser or in Android? …, …, …, Who have thought Android, because the elevate number of failures discovered daily, are wrong: is cheaper an exploit for the browser Tor, which isn’t the same as the theoretically super secure network with the same name. We’ll keep talking about that and, also, today we highlight the increasingly complexity of the bank Trojan Dyre, the discovery of a botnet which has deceived a lot to announcers in the network and an opinion text which advocates for the “sensible divulgation” of computer failures.

Zerodium, the 0day exploits and other advanced cybersecurity tools seller, has made something unprecedented until now in his business sector: publishing his price list. In this price list we can see that the most expensive exploits are the exploits which attacks the security in smartphones: a 0 day for Android and Windows Phone cost more than 100.000 dollars, being the iPhone exploit the most expensive: more than 500.000 dollars. Instead, the 0days for traditional operative systems: Windows, Mac OS X and Linux, cost “only” 30.000 dollars. We encourage our readers to see the price list, which is also well designed to facilitate the reading.

Dyre all out
Zerodium is for great actors and governments, while the cybercrime prefers to buy in the black market. There one of the kings is the bank Troyan Dyre, whose authors pampered it making it more complete: now it can attack Windows10 and his new browser, Edge, users too, in addition to new commands to facilitate the use of botnets and modules to detect and deactivate antivirus in the attacked computer. It is calculate that Dyre has infected 80.000 machines and is ready for the succulent period of Christmas.

Fraudulent ads
Other who are getting rich are the owners of the Xindi botnet, which would have infected between 6 and 8 million of computers by now, hosted in more than 5.000 organizations, among them the companies of Fortune 500, universities, financial entities and government administrations, to exploit the high broadband of these sites. Xindi creates a complex plan of fraud by ads which would have defrauded more than 3.000 million dollars to advertisers like Nissan, Monster, Honda, Verizon, McDonald’s, Uber and Home Depot.

Sensible divulgation
Poor advertisers, between adblockers and criminals of pay-per-view, it’s impossible settle the business! And we finish with an opinion article which attracted our attention because it talks about the always controversial issue of the “responsible” divulging of computing failures, to add a new concept: the “sensible” disclosing. We invite to our readers to take a look, it isn’t too long and gives some “food for thought”.
See you tomorrow!


Post a Comment