Researchers from Trustwave’s SpiderLabs research team recently discovered a new zero-day exploit that affects all versions of Windows from Windows 2000 all the way up to Windows 10.
Trustwave initially discovered the exploit last month after seeing it advertised on a Russian hacking forum for the not-so-affordable price of $95,000. According to security researcher Brian Krebs, the exploit is of the “local privilege escalation” variety and, as a result, works in tandem with other exploits.
“An attacker may already have a reliable exploit that works remotely,” Krebs explains, “but the trouble is his exploit only succeeds if the current user is running Windows as an administrator. No problem: Chain that remote exploit with a local privilege escalation bug that can bump up the target’s account privileges to that of an admin, and your remote exploit can work its magic without hindrance.”
In other words, the aforementioned zero-day exploit by itself won’t enable a malicious attacker to compromise a system. Nonetheless, Trustwave notes that it’s “still a very much needed puzzle piece in the overall infection process.”
In an effort to prove that the exploit is legit, the seller of the zero-day, an individual who goes by the handle “BuggiCorp”, posted two videos of the exploit to YouTube, one of which can be viewed below.
BuggiCorp wants to be paid in Bitcoin and indicated that he’s willing to put the payment into escrow for any wary buyers.
As an aside, Trustwave notes that one of the more interesting aspects of the story is that zero-day exploits are now becoming something of a mainstream commodity as opposed to being sold exclusively “in the shadows.”
In this business you usually need to “know people who know people” in order to buy or sell this kind of commodity. This type of business transaction is conducted in a private manner, meaning either direct contact between a potential buyer and the seller or possibly mediated by a middleman.
As such, a zero-day being offered for sale stood out among the other offerings in an underground market for Russian-speaking cyber criminals. This specific forum serves as a collaboration platform where one can hire malware coders, lease an exploit kit, buy web shells for compromised websites, or even rent a whole botnet for any purpose. However, finding a zero-day listed in between these fairly common offerings is definitely an anomaly. It goes to show that zero-days are coming out of the shadows and are fast becoming a commodity for the masses, a worrying trend indeed.
Trustwave notes that they’ve alerted Microsoft of the exploit and will post any updates if and when they hear anything back.