How much for that exploit.. ?
For a engineer like me, numbers are like play-doh. But as a security enthusiast, I’m not spoiled with figures on the costs of attacks, exploits and similar. But here are some of the official cases that I’ve come across..
During December, a zero day exploit for the WMF-vulnerability was sold by russian hackers for roughly $4000 a piece
Also in December, a zero day exploit for an undisclosed vulnerability in Microsoft Excel was put for auction at Ebay - the bid reached $59, and had the time to attract 19 offers until it was removed by administrators.
Details of a single credit card is worth roughly $1 (0.83 euros) and details of a a card with a three digit pin for $5. Additional personal information such as social security numbers and similar might add another $100. Accounts with high balance might go as far as $100. I’ve also read somewhere that a single screendump from a banks teller’s terminal, showing account holder information and related facts, is worth about $400
iDefense, a lim of Verisign who performs vulnerability-based services, offers $10000 for un-disclosed vulnerabilities in Microsoft Windows.
Mozilla offers a $500 bug bounty for undisclosed critical flaws.
Microsoft offered $250000 for information leading to the arrest of the Sasser-author.
For $15 you could buy a virus creation kit, from Russia.