Zero Day Attacks and How to Prevent Them

A zero day attack is a malicious attack that identifies a vulnerability and exploits it before it has become known to the software vendor and the end user. The malicious attack can use the exploit to download malware, spyware, adware, phishing software, or any other type of malicious code with criminal intent.

When zero day attacks take place, it makes the security issue known before the software vendor is aware of the vulnerability and before they are able to create a patch to seal the security hole. In many cases hackers are the first ones to become aware of the security hole and then the vulnerability and the exploit become known at the same time.

Types of Zero Day Attacks

Malware programmers are capable of exploiting zero day security holes through a variety of different ways.

  • Websites: If a software program in your PC has a security hole that has yet to be discovered and you visit a website that is infected with malware, this is the perfect opportunity for the malware to exploit the vulnerability in your software program. The vulnerability could exist in your Web browser or another type of software that is installed on your PC.
  • Email: A zero day attack can also occur when you click on an email attachment that is infected with malware. Once you open the attachment, the malware can exploit any security holes that exist in your email client software or elsewhere in your PC.
  • Inferior Software: Zero day attacks will also exploit software that is poorly written. Generally this type of software contains multiple vulnerabilities that zero day attacks can exploit because the common file types are numerous and frequent. With poorly written software, it is easy for attackers to create malware that takes advantage of the common file types making it easy to attack the system and steal sensitive information.

Vulnerability Windows

Since zero day attacks expose a vulnerability that is unknown to the software vendor and the end user, it creates what is called a vulnerability window. A vulnerability window is the span between the time the exploit is released by the hacker until the distribution and installation of the patch is administered.

Zero-Day Protection

A vulnerability is usually not known in advance, therefore there is no way to guard against the attack before it happens. However, companies and individuals can take precautions to guard against the attacks such as firewalling a network, updating antivirus software, enabling browser protection, and employing buffer overflows. It is also a good idea to wait for a period of time before upgrading to a newer version of software. Vulnerabilities in new software are usually discovered in the beginning stages that follow distribution and the holes are repaired with updated security patches. If you wait to purchase the software, the chances of a zero day exploit by hackers is significantly reduced.

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

With the advent of wireless Internet, more and more computer users are entering the world of cyber space.

Yet, while these users are well aware of the importance of the protection of their computer when hooked up to regular internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer when wireless is even more important than ever before.