Make money at home attacking Windows!

A freelance coding site hosts a project to exploit the latest critical flaw in Microsoft Windows

The cash-for-exploits trend continues to grow this week, with a coding site offering to fund anyone who can produce an attack that compromises Windows computers through a just-reported critical flaw.

Freelance coding site Gun.io (pronounced "gun-yo") will pay any programmer that can produce an exploit for a severe vulnerability announced by Microsoft during its regularly scheduled Patch Tuesday update. The current bounty on the exploit has reached $1,451, a pittance compared to the price that vulnerability researcher might get for a similar but unknown flaw.

Microsoft announced the vulnerability on Tuesday and urged Windows users -- especially businesses -- to patch the issue as fast as possible. The vulnerability is particularly severe because it allows an attacker to remotely exploit systems from the Internet without needing to log in to the targeted computer. The flaw could be a vector for an Internet worm.

"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days," Microsoft researchers stated in a blog post warning of the vulnerability.

Rick Jones, founder of Gun.io, posted the bounty notice soon after Microsoft's release. The bounty is for an exploit module that can be used in the Metasploit framework, a software program that allows security specialists to test network security. The modules, however, are also blueprints that can teach attackers how to recreate the exploit.

Paying researchers for exploit has taken off in the past two years. Earlier this month Google paid two researchers each a bounty of $60,000 for vulnerabilities and exploits that could be used to attack a Windows computer through the company's Chrome browser. Prices paid for such information has risen in the past few years because vulnerabilities are becoming harder to find and researchers are finding buyers in other markets, such as government agencies and the criminal underground.

The Gun.io bounty bucks that trend. But the funds are supplied by the site's members, so the price could eventually rise.

This story, "Make money at home attacking Windows!" was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies