
What is zero day attack or exploit

January 10th, 2008

A zero-day exploit is one that takes advantage of a security vulnerability on (or before) the day the vulnerability becomes generally known, that is, before the vendor has had any days to produce a fix. Ordinarily, after someone discovers that a software program contains a flaw that could be exploited, that person or company notifies the software vendor, and sometimes the world at large, so that the flaw can be repaired or defended against. Given time, the vendor can repair the flaw and distribute a fix to users. Even if attackers also learn of the vulnerability, it may take them some time to build a working exploit; meanwhile, the fix can hopefully become available first. With experience, however, attackers are becoming faster at exploiting a vulnerability, and sometimes an attacker is the first to discover it. In these situations, the vulnerability and the exploit become apparent on the same day. Since the vulnerability isn't known in advance, there is no way to patch against the exploit before it happens. Organisations exposed to such exploits can, however, limit the damage by running with least privilege and by putting procedures in place for early detection of an exploit.

A study released by Symantec in early 2004 found that although the number of vulnerabilities discovered was about the same in 2003 as in 2002, the time between disclosure of a vulnerability and the appearance of exploits based on it had narrowed. According to the infoAnarchy wiki, "14-day" groups and "7-day" groups carry out an exploit within 14 or 7 days of a product's market release. The same source claims that conducting a zero-day exploit establishes crackers as members of the elite because they must have covert industry connections to obtain the inside information needed for the attack; in practice, most zero-days are found by independent research into the software itself rather than through insider contacts.

Let me explain, step by step, how a zero-day attack unfolds.

  • Vulnerability Introduced: almost always this is a simple programming error or oversight, and it may quite literally have happened years ago. The problem could have existed for that entire time, but if no one knows about it then there is no one to exploit it, so it remains benign.
  • Vulnerability Discovered by Hackers: once a new vulnerability is discovered the race is on. Attackers will try to keep the nature of the problem to themselves for as long as possible, so as to delay for as long as possible any patch that would remove it.

    This begins what I'm calling the Window of Complete Vulnerability: there's a bug in the operating system, there is malware that exploits it, anti-malware software does not yet detect the new malware, and there is no fix for the problem in Windows. At this point nothing will stop the exploit itself; all you can do is limit what a successful exploit can reach (run as a non-administrator, keep unnecessary services off and firewalled) and watch for signs that something has happened.

  • Malware Exploiting the Vulnerability Discovered by Anti-Malware Vendors: at some point the existence of the problem becomes public knowledge, usually in the form of finding and then reverse engineering malware that somehow exploits it.
  • Detection for the Exploiting Malware Added to Anti-Malware Databases: as new viruses and spyware are detected, the anti-malware vendors add information that identifies them to their databases. This is why it's so critical that you keep your anti-virus and anti-spyware databases as up to date as possible: without the latest updates your scanners will not know how to detect the latest threats.

    This is also the beginning of what I loosely call the period of Partial Vulnerability. Some, though of course not all, of the malware that makes use of the recently discovered exploit can now be detected and blocked by anti-malware tools. This is only partial safety: the operating system vulnerability still exists and there is no fix for it yet, and new viruses and spyware will be written making use of the same vulnerability and staying one step ahead of the anti-malware vendors database updates.

  • Vulnerability Fixed by System Patch or Update: at some point Microsoft will release a patch that fixes the underlying problem. Systems on which the patch has actually been installed (and rebooted, where the patch requires it) are now safe from this vulnerability, and malware that attempts to exploit the problem on those systems will fail. Note that the release of the patch does not close the window for you; installing it does. That's why it's so important to make sure your system is updated regularly, in addition to just keeping your anti-malware databases up to date.
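The five steps above can be turned into a small exposure model, which is how vulnerability-management teams actually measure the windows this post names. The following is an added example, not code from the original post; the milestone dates are constructed sample data, and the state names (`latent`, `complete`, `partial`, `unapplied`, `fixed`) are my labels for the post's phases. The point it makes that the prose only implies: the window closes on the day a given system installs the patch, so two hosts facing the same zero-day can have very different exposure.

```python
"""Exposure model for the zero-day lifecycle described in the post.

Added example, not the post's own code. All dates are constructed sample data.
"""
from dataclasses import dataclass, replace
from datetime import date, timedelta
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class VulnTimeline:
    introduced: date                # step 1: bug shipped in the product
    exploited: date                 # step 2: first malware seen exploiting it
    av_signature: Optional[date]    # step 4: anti-malware can detect known samples
    patch_released: Optional[date]  # step 5: vendor ships a fix
    patch_applied: Optional[date]   # the day *this* system installed the fix


def state_on(t: VulnTimeline, day: date) -> str:
    """Classify one calendar day for one system.

    latent    : bug exists, nobody exploits it yet
    complete  : exploited in the wild, no detection, no fix (the post's
                "Window of Complete Vulnerability")
    partial   : detection exists for known samples, bug still present
    unapplied : a patch is available but this system has not installed it
    fixed     : patch installed on this system
    """
    if day < t.introduced:
        return "not vulnerable"
    if t.patch_applied is not None and day >= t.patch_applied:
        return "fixed"
    if day < t.exploited:
        return "latent"
    if t.patch_released is not None and day >= t.patch_released:
        return "unapplied"
    if t.av_signature is not None and day >= t.av_signature:
        return "partial"
    return "complete"


def count_states(t: VulnTimeline, start: date, end: date) -> Dict[str, int]:
    """Number of days spent in each state over the half-open range [start, end)."""
    counts: Dict[str, int] = {}
    day = start
    while day < end:
        s = state_on(t, day)
        counts[s] = counts.get(s, 0) + 1
        day += timedelta(days=1)
    return counts


def fleet_exposure(t: VulnTimeline, applied: Iterable[Optional[date]], end: date) -> List[int]:
    """Exposed days per host (complete + partial + unapplied), counted from first exploitation.

    Each host gets its own patch_applied date; None means the host is still unpatched.
    """
    exposed = ("complete", "partial", "unapplied")
    result: List[int] = []
    for a in applied:
        c = count_states(replace(t, patch_applied=a), t.exploited, end)
        result.append(sum(c.get(s, 0) for s in exposed))
    return result


# Constructed sample timeline (not real advisory dates).
SAMPLE = VulnTimeline(
    introduced=date(2007, 6, 1),
    exploited=date(2008, 1, 3),
    av_signature=date(2008, 1, 7),
    patch_released=date(2008, 1, 8),
    patch_applied=date(2008, 1, 10),
)
END = date(2008, 1, 15)  # end of the observation period (exclusive)

# Three hosts: patched two days after release, one day after release, never patched.
FLEET_APPLIED = [date(2008, 1, 10), date(2008, 1, 9), None]

if __name__ == "__main__":
    for name, n in sorted(count_states(SAMPLE, SAMPLE.introduced, END).items()):
        print(f"{name:>10}: {n} days")
    print("exposed days per host:", fleet_exposure(SAMPLE, FLEET_APPLIED, END))
```

Run as-is it prints 216 latent days followed by 4 complete, 1 partial, 2 unapplied and 5 fixed days for the sample system, and `[7, 6, 12]` for the three-host fleet: the unpatched host keeps accumulating exposure every day, while anti-malware signatures alone never move a host out of the exposed states.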

