The Heartbleed bug has turned cyber criminals from attackers into victims as researchers use it to grab material from chatrooms where they trade data.
Discovered in early April, Heartbleed lets attackers steal data from computers using vulnerable versions of some widely used security programs.
Now it has given anti-malware researchers access to forums that would otherwise be very hard to penetrate.
The news comes as others warn that the bug will be a threat for many years.
French anti-malware researcher Steven K told the BBC: “The potential of this vulnerability affecting black-hat services (where hackers use their skills for criminal ends) is just enormous.”
Heartbleed had put many such forums in a “critical” position, he said, leaving them vulnerable to attack using tools that exploit the bug.