Zero Day Attacks and How to Prevent Them

A zero day attack is a malicious attack that identifies a vulnerability and exploits it before it has become known to the software vendor and the end user. The malicious attack can use the exploit to download malware, spyware, adware, phishing software, or any other type of malicious code with criminal intent.

When zero day attacks take place, it makes the security issue known before the software vendor is aware of the vulnerability and before they are able to create a patch to seal the security hole. In many cases hackers are the first ones to become aware of the security hole and then the vulnerability and the exploit become known at the same time.

Types of Zero Day Attacks

Malware programmers are capable of exploiting zero day security holes through a variety of different ways.

  • Websites: If a software program in your PC has a security hole that has yet to be discovered and you visit a website that is infected with malware, this is the perfect opportunity for the malware to exploit the vulnerability in your software program. The vulnerability could exist in your Web browser or another type of software that is installed on your PC.
  • Email: A zero day attack can also occur when you click on an email attachment that is infected with malware. Once you open the attachment, the malware can exploit any security holes that exist in your email client software or elsewhere in your PC.
  • Inferior Software: Zero day attacks will also exploit software that is poorly written. Generally this type of software contains multiple vulnerabilities that zero day attacks can exploit because the common file types are numerous and frequent. With poorly written software, it is easy for attackers to create malware that takes advantage of the common file types making it easy to attack the system and steal sensitive information.

Vulnerability Windows

Since zero day attacks expose a vulnerability that is unknown to the software vendor and the end user, it creates what is called a vulnerability window. A vulnerability window is the span between the time the exploit is released by the hacker until the distribution and installation of the patch is administered.

Zero-Day Protection

A vulnerability is usually not known in advance, therefore there is no way to guard against the attack before it happens. However, companies and individuals can take precautions to guard against the attacks such as firewalling a network, updating antivirus software, enabling browser protection, and employing buffer overflows. It is also a good idea to wait for a period of time before upgrading to a newer version of software. Vulnerabilities in new software are usually discovered in the beginning stages that follow distribution and the holes are repaired with updated security patches. If you wait to purchase the software, the chances of a zero day exploit by hackers is significantly reduced.

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.