Security 10816 Published by

Hackers may bank their Windows XP zero-day exploits and cash them in after Microsoft stops patching the aged operating system next April.



From Computerworld:
Hackers could find themselves in the catbird seat on April 8, 2014 -- the day Microsoft plans to stop patching Windows XP. As security expert Jason Fossen sees it, those who have zero-day exploits for XP will bank them until that day and then sell them to crooks or loose them themselves on unprotected PCs.

It's simply economics at work, said Fossen, a trainer for the SANS Institute since 1998.

"The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft's response," said Fossen. When a new vulnerability -- dubbed a "zero-day" -- is detected, Microsoft investigates, pulls together a patch and releases it to XP users.
  Hackers may cash in when XP is retired