It looks like theres big bucks to be earned selling zero day exploits not however to bot network operators or spammers but to national governments looking to play dirty.
http://www.techdirt.com/articles/20140311/07593926528/surveillance-security-companies-set-up-zero-day-exploit-portals-governments-to-use-offensive-actions.shtmlJust under a year ago we wrote about Gamma International's use of Mozilla's trademark to trick people into installing surveillance malware from the company. A post from Privacy International points out the company has now set up what it calls the "Finfly Exploit Portal" providing: access to a large library of 0-day and 1-Day Exploits for popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader and many more.
Here's how it applies those exploits, as described by Privacy International:
By using the FinFly Exploit Portal, governments can deliver sophisticated intrusion technology, such as FinSpy, onto a target's computer. While it's been previously advertised that Gamma use fake software updates from some of the world's leading technology companies to deliver FinSpy onto a target's computer, the exploit portal puts even more power in the hands of government by offering more choices for deployment. Astonishingly, FinFly Exploit Portal guarantees users four viable exploits for some of the most-used software products in the world, such as Microsoft's Internet Explorer and Adobe's Acrobat programme.
Its such a shame that years of trust and reputation building are being demolished in a matter of minutes by those abusing the good names of many of the trusted softare providers we all know simply to turn a fast buck on a software flaw they can exploit, is "selfish scum" a fitting set of words for such degenerates ?
