Black market prices for a Windows XP exploit cost anywhere from $50,000 to $150,000. One security expert expects prices to skyrocket when support for the OS is cut
A security expert said it is very likely that cyber criminals will exploit the impending retirement of Microsoft Corp.’s Windows XP operating systems.
Hackers that have developed zero-day exploits for XP will hoard them and sell them for a much higher price when the OS finally loses security free and paid security support from Microsoft in April 8, 2014, according to Jason Fossen, a trainer for the United States-based Internet security training firm SANS Institute.
Why would cyber criminals pay premium price for exploits against an OS that is being out to rest?
Because there are going to be lots and lots of XP users left to fend for their own when the clock strikes 12 for the OS.
Web analytics firm Net Applications estimates that no less than 37.2 per cent of the world’s PCs or about 570 million computers are still running the 12-year-old operating systems.
By the time we reach the retirement deadline for XP there will likely still be 28 million PC running the system.
Currently, in the United States, XP is believed to be deployed in 16.4 per cent of all computers. Analysts estimate there will only be a 9.1 to 11.1 per cent drop in usage by April next year.
The situation is much worse in China where XP holds the lion’s share of OS deployment at a staggering 72.1 per cent. While deployment is expected to drop by as much as 65.7 per cent by April, 2014, total number of XP machines in the country will be still more than that in the U.S.
Fossen admits there are no precedents to back up his speculations about XP zero-day exploits.
The last time Microsoft retired an OS was in 2010 when the company stopped supporting Windows 2000.
Windows 2000 did not have as many users as XP does.