swa66 - 1:06 pm on Jun 8, 2013 (gmt 0)
They have to pay some serious money for a zero-day exploit that hasn't been and likely won't be patched.
zero day exploits are offered for a few thousand on the black market.
The effort in weaponizing it and integrating it is not all that much in most cases I've looked at myself. It takes in elapsed time days at most. An most of these guys that do that are rather asocial, so let's assume it takes days at most for somebody with the right skillset.
- If the security bug is not made public and not massively exploited, it takes many months - I've seen up to well over a year between the first victim detecting it and Microsoft actually bothering enough to roll out a patch on Black Tuesday.
- It then takes months to many years before the victims the attackers are interested in actually deploy those patches.
So while it's true there's a limited shelf life to exploits, using them just below the radar of the mass press is enough to keep them good for many years to come - although they do deteriorate in value.
Taking away the command and control infrastructure of a botnet takes away 2 things (if done properly)
- the bots (now most botnet operators build in a lot of failsafe mechanisms these days in order to recuperate bots in the case of a command and control seizure)
- the control infrastructure itself
It does not take away in knowledge or code (and most likely also not any data that's considered valuable by the attackers (they'll store it in many places and retrieve it).
But taking that away is taking away things they "stole" from others, so even if they lost it, you cannot take back their initial investment in any way: they'll have gained orders of magnitudes more than they ever paid. And the most valuable resources can't be seized till you grab the culprits and put them behind bars (and even then ...)
To me rolling it up as a tool is valuable to protect the masses, but it's FAR from a blow to the bad guys.
They ROTFL with what MSFT's marketing and the press make of this for sure.