Zero-Day Attack
From Wikipedia, the free encyclopedia
A zero-day (or zero-hour) attack is a computer threat that exposes undisclosed or unpatched computer application vulnerabilities. Zero-day attacks can be considered extremely dangerous because they take advantage of computer security holes for which no solution is currently available.
Contents |
[edit] Attack vectors
Malware writers can exploit zero-day vulnerabilities through several different attack vectors. Sometimes, when users visit rogue Web sites, malicious code on the site can exploit vulnerabilities in Web browsers. Web browsers are a particular target for criminals because of their widespread distribution and usage. Cybercriminals can also send malicious e-mail attachments via SMTP, which exploit vulnerabilities in the application opening the attachment.[1] Exploits that take advantage of common file types are numerous and frequent, as evidenced by their increasing appearances in databases like US-CERT. Criminals can engineer malware to take advantage of these file type exploits to compromise attacked systems or steal confidential data.[2]
[edit] Vulnerability window
Zero-day attacks can occur because a vulnerability window exists between the time a threat is released and the time security vendors release patches.
For viruses, Trojans and other zero-day attacks, the vulnerability window follows this timeline:
- Release of new threat/exploit into the wild
- Detection and study of new exploit
- Development of new solution
- Release of patch or updated signature pattern to catch the exploit
- Distribution and installation of patch on user's systems or updating of virus databases
This process can often last hours, during which networks experience the vulnerabilty window. One report estimates the 2006 vulnerability window at 28 days.[3]
[edit] Examples of zero-day attacks
- PowerPoint Zero-Day Attack May Be Case of Corporate Espionage from FoxNews
- New Trojan Horse Targets Microsoft Word from PC World
- Microsoft Issues Word Zero-Day Attack Alert from eWeek
[edit] References
- ^ "SANS sees upsurge in zero-day Web-based attacks" Computerworld http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005117
- ^ "E-mail Residual Risk Assessment" Avinti, Inc., p. 2 http://www.avinti.com/download/case_studies/whitepaper_email_residual_risk.pdf
- ^ "Internet Security Threat Report" Symantec Corp, Vol. X, Sept. 2006, p. 12