Zero-Day Attack

From Wikipedia, the free encyclopedia

A zero-day (or zero-hour) attack is a computer attack that exploits a vulnerability which is still undisclosed to the software's vendor or for which no patch has yet been released; the name refers to the vendor having had zero days to fix the flaw. Zero-day attacks are considered especially dangerous because they target security holes for which no fix is yet available, so affected systems cannot be protected simply by applying an update.

Attack vectors

Malware writers can exploit zero-day vulnerabilities through several attack vectors. When users visit rogue Web sites, malicious code on the site can exploit vulnerabilities in the Web browser; browsers are a favoured target because of their widespread distribution and usage. Attackers can also send malicious e-mail attachments via SMTP that exploit vulnerabilities in the application used to open the attachment.[1] Exploits that take advantage of common file types are numerous and frequent, as evidenced by their increasing appearance in vulnerability databases such as the one maintained by US-CERT. Criminals can engineer malware around these file-format exploits to compromise the attacked system or steal confidential data.[2]

Vulnerability window

Zero-day attacks can occur because a vulnerability window exists between the time an exploit first appears in the wild and the time a fix is not only released by the vendor but actually installed on the affected systems.

For exploits delivered by viruses, Trojans and other malware, the vulnerability window follows this timeline:

  • Release of new threat/exploit into the wild
  • Detection and study of new exploit
  • Development of new solution
  • Release of patch or updated signature pattern to catch the exploit
  • Distribution and installation of patch on user's systems or updating of virus databases

This process can take anywhere from hours to weeks, and throughout it networks remain inside the vulnerability window. One report estimates the average 2006 vulnerability window at 28 days.[3]
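To make the timeline concrete, here is an added example (not code from the Wikipedia article or from any of the cited reports) that does the bookkeeping a patch-management team would do for the window: the vendor window from first exploitation to patch release, the longer window until each host actually installs the fix, and which stage of the timeline each host currently sits in. It also handles the two edge cases the timeline glosses over: a vulnerability with no patch at all yet (the window is still open and is measured up to today), and an exploit that appears only after a patch already existed (an n-day, not a zero-day, so the vendor window is clamped to zero). All vulnerability identifiers, dates and host names are constructed for illustration.

```python
"""Vulnerability-window bookkeeping for the timeline above (added example)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

ZERO = timedelta(0)


@dataclass(frozen=True)
class Vulnerability:
    ident: str                      # hypothetical identifier, e.g. "VULN-A"
    exploit_seen: date              # first exploitation observed in the wild
    patch_released: Optional[date]  # vendor fix date; None while no fix exists


@dataclass(frozen=True)
class Host:
    name: str
    patched_on: Optional[date]      # date the fix was installed; None if not yet


def is_zero_day(v: Vulnerability) -> bool:
    """True if the exploit appeared before any vendor patch existed."""
    return v.patch_released is None or v.exploit_seen < v.patch_released


def vendor_window(v: Vulnerability, today: date) -> timedelta:
    """Exploit-in-the-wild to patch release; still open (measured to today)
    when no patch exists. A patch that predates the exploit gives zero."""
    end = v.patch_released if v.patch_released is not None else today
    return max(end - v.exploit_seen, ZERO)


def host_window(v: Vulnerability, h: Host, today: date) -> timedelta:
    """Exploit-in-the-wild to the fix landing on this host; open if unpatched."""
    end = h.patched_on if h.patched_on is not None else today
    return max(end - v.exploit_seen, ZERO)


def exposure_phase(v: Vulnerability, h: Host, today: date) -> str:
    """Which stage of the timeline this host is in for this vulnerability."""
    if h.patched_on is not None and h.patched_on <= today:
        return "patched"
    if v.patch_released is None or v.patch_released > today:
        return "no-patch"          # the zero-day part of the window: no fix exists
    return "patch-available"       # fix exists, but this host has not deployed it


def fleet_report(v: Vulnerability, hosts: List[Host], today: date) -> Dict[str, object]:
    """Per-phase host counts plus the longest still-open exposure, for one vulnerability."""
    phases: Dict[str, int] = {"patched": 0, "patch-available": 0, "no-patch": 0}
    longest_open = ZERO
    for h in hosts:
        phase = exposure_phase(v, h, today)
        phases[phase] += 1
        if phase != "patched":
            longest_open = max(longest_open, host_window(v, h, today))
    return {
        "zero_day": is_zero_day(v),
        "vendor_window_days": vendor_window(v, today).days,
        "phases": phases,
        "longest_open_exposure_days": longest_open.days,
    }


# Constructed sample data (hypothetical identifiers and dates, not a real incident).
TODAY = date(2006, 4, 15)
VULN_A = Vulnerability("VULN-A", date(2006, 3, 1), date(2006, 3, 29))   # fixed after 28 days
VULN_B = Vulnerability("VULN-B", date(2006, 4, 10), None)               # no fix yet
VULN_C = Vulnerability("VULN-C", date(2006, 2, 1), date(2006, 1, 10))   # exploit after patch: n-day
FLEET_A = [
    Host("web-1", patched_on=date(2006, 4, 5)),
    Host("web-2", patched_on=None),              # patch exists, never applied
    Host("db-1", patched_on=date(2006, 3, 29)),  # patched the day the fix shipped
]
FLEET_B = [Host("web-1", None), Host("web-2", None), Host("db-1", None)]

if __name__ == "__main__":
    for v, fleet in ((VULN_A, FLEET_A), (VULN_B, FLEET_B)):
        print(v.ident, fleet_report(v, fleet, TODAY))
```

The point of separating `vendor_window` from `host_window` is that the 28-day figure cited above measures only the first half of the timeline; the exposure that matters to a defender ends at the last step, when the fix is actually installed, and for an unpatched host that window is still growing.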

References

  1. ^ "SANS sees upsurge in zero-day Web-based attacks", Computerworld. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005117
  2. ^ "E-mail Residual Risk Assessment", Avinti, Inc., p. 2. http://www.avinti.com/download/case_studies/whitepaper_email_residual_risk.pdf
  3. ^ "Internet Security Threat Report", Symantec Corp., Vol. X, Sept. 2006, p. 12.
