Professional Documents
Culture Documents
Zero day attack is the term used to describe the threat of an unknown security
vulnerability in a computer software or application for which either the patch has
not been released or the application developers were unaware of or did not have
sufficient time to address.
Since the vulnerability is not known in advance, the exploits often occur without
the knowledge of the users. A zero day flaw is considered as an important
component when designing an application to be efficient and secure.
The salient features of the zero day or day zero attacks are:
Zero day attacks usually occur between the time the vulnerability is first
found and exploited and the time the application developers releases the
necessary solution to counter the exploitation. This timeline is usually
termed as the vulnerability window.
Zero day attacks are capable of devastating a network by exploiting the
vulnerabilities of the applications involved.
They are not always viruses and can assume other malware forms such as
Trojan horses or worms.
For home computer users, the zero day attack is extremely difficult to
diagnose as the nature of attack is through a trusted entity.
Update of latest anti-malware software are often recommended, though it
can only provide a minimum security against a zero day attack.
WHY DO VULNERABILITIES POSE SECURITY RISKS?
Hackers write code to target a specific security weakness. They package it into
malware called a zero-day exploit. The malicious software takes advantage of a
vulnerability to compromise a computer system or cause an unintended behavior.
In most cases, a patch from the software developer can fix this.
What if your computer becomes infected? Exploit malware can steal your data,
allowing hackers to take unauthorized control of your computer. Software can also
be used in ways that were not originally intended — like installing other malware
that can corrupt files or access your contact list to send spam messages from your
account. It could also install spyware that steals sensitive information from your
computer.
If you’re an everyday computer user, a vulnerability can pose serious security risks
because exploit malware can infect a computer through otherwise harmless web
browsing activities, such as viewing a website, opening a compromised message,
or playing infected media.
WHAT MAKES VULNERABILITY A ZERO-DAY?
The term “zero-day” refers to a newly discovered software vulnerability. Because
the developer has just learned of the flaw, it also means an official patch or update
to fix the issue hasn’t been released.
So, “zero-day” refers to the fact that the developers have “zero days” to fix the
problem that has just been exposed — and perhaps already exploited by hackers.
Once the vulnerability becomes publicly known, the vendor has to work quickly to
fix the issue to protect its users.
But the software vendor may fail to release a patch before hackers manage to
exploit the security hole. That’s known as a zero-day attack.