Zero Day Attacks and How to Prevent Them

A zero day attack is a malicious attack that identifies a vulnerability and exploits it before it has become known to the software vendor and the end user. The malicious attack can use the exploit to download malware, spyware, adware, phishing software, or any other type of malicious code with criminal intent.

When zero day attacks take place, it makes the security issue known before the software vendor is aware of the vulnerability and before they are able to create a patch to seal the security hole. In many cases hackers are the first ones to become aware of the security hole and then the vulnerability and the exploit become known at the same time.

Types of Zero Day Attacks

Malware programmers are capable of exploiting zero day security holes through a variety of different ways.

  • Websites: If a software program in your PC has a security hole that has yet to be discovered and you visit a website that is infected with malware, this is the perfect opportunity for the malware to exploit the vulnerability in your software program. The vulnerability could exist in your Web browser or another type of software that is installed on your PC.
  • Email: A zero day attack can also occur when you click on an email attachment that is infected with malware. Once you open the attachment, the malware can exploit any security holes that exist in your email client software or elsewhere in your PC.
  • Inferior Software: Zero day attacks will also exploit software that is poorly written. Generally this type of software contains multiple vulnerabilities that zero day attacks can exploit because the common file types are numerous and frequent. With poorly written software, it is easy for attackers to create malware that takes advantage of the common file types making it easy to attack the system and steal sensitive information.

Vulnerability Windows

Since zero day attacks expose a vulnerability that is unknown to the software vendor and the end user, it creates what is called a vulnerability window. A vulnerability window is the span between the time the exploit is released by the hacker until the distribution and installation of the patch is administered.

Zero-Day Protection

A vulnerability is usually not known in advance, therefore there is no way to guard against the attack before it happens. However, companies and individuals can take precautions to guard against the attacks such as firewalling a network, updating antivirus software, enabling browser protection, and employing buffer overflows. It is also a good idea to wait for a period of time before upgrading to a newer version of software. Vulnerabilities in new software are usually discovered in the beginning stages that follow distribution and the holes are repaired with updated security patches. If you wait to purchase the software, the chances of a zero day exploit by hackers is significantly reduced.

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

Many Internet users are unaware that most anti-virus programs quickly become out of date as new and more sophisticated viruses enter the world of cyber-space everyday.

Anti-virus software must be consistently updated in order to remain effective. In some cases it is necessary to buy an entirely new program to help keep your computer virus free.

Most anti-virus programs allow you to update the original program by downloading the newest and most recent updates to their virus protection system. These updates can then provide protection for your computer against new strands of viruses waiting to infect your computer.