Criminals Offer Windows Zero-Day For £66,000 In Bitcoin

An unpatched Local Privilege Escalation (LPE) vulnerability in Windows is being touted for sale on an underground market for Russian-speaking cyber criminals.

Researchers at TrustWave said the marketplace allows hackers to buy and sell coding labour, exploit kits, botnets and other wares, but finding a zero day for sale is extremely uncommon, suggesting they could become a “commodity for the masses.”

“Dear friends, I offer you a rare product,” the cybercriminals declare in their zero-day sales pitch. “Exploit for local privilege escalation (LPE) for a 0day vulnerability in win32k.sys.”

Zero Day for sale

The seller said that the buyer would receive the source code of the exploit and a demo for the exploit, technical support, a detailed write up of the vulnerability details, complementary consultation on integrating the exploit according to your needs among other after market services.

But of course criminality like this does not cheap, and the seller is willing to accept offers starting from $95,000 (£66,000) in Bitcoins.

“Do not offer revenue sharing as payment,” the seller warned. “Respect your and my time.”

“It seems the seller has put in the effort to present himself/herself as a trustworthy seller with a valid offering,” said TrustWave. “One of the main indicators for this is the fact that the seller insists on conducting the deal using the forum’s admin as the escrow. In an update posted by the seller on 23rd of May it is stated that the exploit will be sold exclusively to a single buyer.

“Additionally, the seller provides two proof videos for any potential buyers that might be concerned with the validity of the offer.”

The first video apparently shows a fully updated Windows 10 machine being exploited successfully, by elevating the CMD EXE process to the SYSTEM account. The second video shows the exploit successfully bypassing all of EMET protections for the latest version of the product.

Layered Security

Trustwave noted that while the most coveted zero day would be a Remote Code Execution (RCE) exploit, Local Privilege Escalation vulnerabilities are likely next in line in popularity.

Trustwave said that it has notified Microsoft of the zero day offering and it continues to monitor the situation. In the meantime it advised Windows users to keep their software up-to-date, and bear in the mind that protection works best in layers.

The rate of zero day vulnerability discoveries actually doubled in 2015 from 2014, according to Symantec Security Response.

It also said that cybercriminals are adopting corporate best practices and establishing professional businesses to boost the efficiency of their attacks against enterprises and consumers.

Take our hacking and viruses quiz here!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago