A new study from antivirus vendor Trend Micro found that cybercriminal forums continue to advertise exploits for a vulnerability years after a patch has been released, with sellers adjusting prices to market demand and bundling multiple old exploits together to maximize profits.
The study, which spanned nearly two years and numerous illicit marketplaces, found that nearly half of the software exploits requested on forums were for vulnerabilities that were at least three years old. The demand for exploits is also catered to the popularity of software: Microsoft products accounted for approximately 47% of the exploits that forum users requested, according to Trend Micro.
“Patching yesterday’s popular vulnerability can be more important than today’s critical one,” Mayra Rosario Fuentes, senior threat researcher at Trend Micro argued Monday at a presentation at the RSA Conference. She was previewing the research, which Trend Micro will release in July.