Zero-Day Attack – What It Is, And How It Affects You

Zero-Day Attack – What It Is, And How It Affects You

Jul 15, 2014

The mention of a zero-day attack brings jitters to many people who use computers. The term may also be referred to as zero-day threat, zero-hour attack, or day-zero threat. Simply put, it is a threat or attack that takes advantage of computer application vulnerabilities that are yet to be discovered. It may also apply to vulnerabilities which have been discovered, but developers are yet to find a patch or fix for it. Due to having nil or zero days to address or correct the flaw, it is referred to as zero-day. Upon the creation of a fix or patch, it is no longer termed as a day-zero exploit. How Zero-Day Attack Is It Discovered Normally, malware or malicious software writers are among the first people that come across the vulnerability. Upon discovery, they will use it to exploit or manipulate computer applications. This is done through various vectors or avenues which include web browsers, emails, ads and more. By simply opening an application or attachment to an email, the attack will take effect. In order to take advantage of the situation, the malware is engineered. Nonetheless, computer programmers also have a hand in discovering the weaknesses of an application. By learning about an exposure they are able to develop a fix before the writers of malicious software make use of the window of opportunity. What Are The Concerns? The threat only takes place within a certain period known as window of opportunity. This is the period between when it is first noticed and when a fix or patch is released. The window of opportunity always varies. Some exploits are known to have existed for years before they were finally realized or fixed. A classic example is that of Microsoft’s Internet Explorer, which was discovered in 2008 yet the program had been released in 2001. The effects of the threat or virus include altering how an application is responding, interfering with network or internet security, stealing personal information, banking passwords, account information, credit details, and much more. Handling the Situation When a threat is revealed, developers will work round the clock to contain the situation. Usually, they will work on it without informing the general...

banner