In February 2015, Microsoft identified a critical vulnerability in its Windows operating system that potentially allowed a malicious attacker to remotely control the targeted computer. The problem affected a wide variety of Windows operating systems including, Vista, 7, 8 and various others designed for servers and mobile computers.
The company immediately issued a fix. But it didn’t take long for details of the vulnerability to spread through the hacker community.
In April, cybersecurity experts found an exploit based on this vulnerability for sale on a darknet marketplace where the seller was asking around $15,000. In July, the first malware appeared that used this vulnerability. This piece of malware, the Dyre Banking Trojan, targeted users all over the world and was designed to steal credit-card numbers from infected computers.
The episode provided a key insight into the way malware evolves. In the space of just a few months, hackers had turned a vulnerability into an exploit, offered this for sale, and then saw it developed into malware that was released into the wild…