Jul 15, 2014
The mention of a zero-day attack gives many computer users the jitters. The term is also known as a zero-day threat, zero-hour attack, or day-zero threat. Simply put, it is a threat or attack that takes advantage of vulnerabilities in a computer application that are yet to be discovered. It may also apply to vulnerabilities that have been discovered but for which developers are yet to find a patch or fix. It is called zero-day because there are nil, or zero, days in which to address or correct the flaw. Once a fix or patch has been created, it is no longer termed a day-zero exploit.
How a Zero-Day Attack Is Discovered
Normally, the writers of malware, or malicious software, are among the first people to come across the vulnerability. Upon discovery, they use it to exploit or manipulate computer applications. This is done through various vectors, or avenues, which include web browsers, emails, ads and more. Simply opening an application or an email attachment is enough for the attack to take effect. The malware is engineered specifically to take advantage of the situation. Nonetheless, computer programmers also have a hand in discovering the weaknesses of an application. By learning about an exposure, they are able to develop a fix before the writers of malicious software make use of the window of opportunity.
What Are The Concerns?
The threat only exists within a certain period known as the window of opportunity. This is the period between when the vulnerability is first noticed and when a fix or patch is released. The window of opportunity always varies. Some exploits are known to have existed for years before they were finally noticed or fixed. A classic example is a flaw in Microsoft’s Internet Explorer that was discovered in 2008, although the program had been released in 2001. The effects of the threat or virus include altering how an application responds, interfering with network or internet security, and stealing personal information, banking passwords, account information, credit details, and much more.
Handling the Situation
When a threat is revealed, developers work round the clock to contain the situation. Usually, they work on it without informing the general public. However, they may inform the public as a way of safeguarding them against the attack. After creating a patch, they release it to the public. The developer usually goes through four phases, which are as follows: analysis, testing, reporting, and mitigation.
The first method is heuristic scanning for viruses. This stops both known and unknown worms and bugs from entering the system. The second strategy is using firewalls, which improve internet security. The third approach is making use of sites that employ Secure Sockets Layer (SSL), which encrypts the information transmitted from the site to the computer. People should also be wary of opening email attachments or clicking links with PDF files or images. The caution should also apply to emails or links originating from trusted or reputable sources. Statistics show that this is the most common way of transmitting worms, Trojans, and viruses.