Zero-day Attack


A zero-day or "0day" attack is a computer threat that exploits a vulnerability in an application for which no security fix is yet available. Zero-day exploits are used by attackers before the software vendor knows about the vulnerability, or at least before the vendor has been able to ship a patch for it.

The term derives from the number of days the vendor has known about the vulnerability when the exploit is used. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public.

A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security fix to users of the software.

Zero-day Attack Methods

Malware writers are able to exploit zero-day vulnerabilities through several different methods.

For example, when users visit rogue web sites, code on the site may exploit vulnerabilities in web browsers. Web browsers are a particular target because of their widespread distribution and usage.

Hackers can also send email attachments that exploit vulnerabilities in the application used to open the attachment, such as a document viewer or archive tool.

Typically, badly written software will have several zero-day vulnerabilities discovered in a short period of time. Exploits that take advantage of common file types are numerous and frequent, as evidenced by their increasing appearance in vulnerability databases such as those maintained by US-CERT.

Attackers can engineer malware that takes advantage of these file-type exploits to compromise the targeted systems or steal confidential data.

Zero-day Vulnerability Window and Timeline

Zero-day attacks occur within the vulnerability window: the period between the time an exploit is first used in the wild and the time a patch or detection signature has actually been installed on the affected systems.

For malware delivered through a zero-day exploit, whether a virus, a Trojan or another payload, the vulnerability window follows this timeline:

  • Release of the new threat/exploit into the wild
  • Detection and study of the new exploit
  • Development of a fix or detection method
  • Release of a patch or updated signature pattern to catch the exploit
  • Distribution and installation of the patch on users' systems, or updating of virus databases

This process can last hours, days or considerably longer, and for its whole duration the affected networks remain exposed. Note that the window closes only when the last step is complete on a given system: a patch that has been released but not installed leaves that system as exposed as before.

Zero-day Protection

Zero-day protection is the ability to defend against an exploit before a fix exists for the vulnerability it targets. Because no signature or patch yet exists, zero-day attacks can also remain undetected after they are launched.

Many techniques exist to limit the effectiveness of exploits for memory corruption vulnerabilities such as buffer overflows, regardless of whether the underlying bug has been patched. Examples are non-executable memory (DEP/NX), address space layout randomization (ASLR) and stack canaries; these do not remove the bug, but they make a working exploit harder to write.

Such protection mechanisms exist in contemporary operating systems such as Apple's Mac OS X, Microsoft Windows Vista, Sun Microsystems Solaris, GNU/Linux, Unix and Unix-like environments; Microsoft Windows XP Service Pack 2 includes limited protection against generic memory corruption vulnerabilities in the form of Data Execution Prevention.

Desktop and server protection software also exists to mitigate zero-day buffer overflow vulnerabilities. None of these measures replaces fixing the bug: the most reliable protection is input validation in the software itself.
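The buffer overflow mentioned above is the classic memory corruption bug that zero-day exploits target. The following C program is an added example, not code from the original article: it shows the vulnerable pattern (an unbounded copy into a fixed-size stack buffer) beside a hardened version that checks the length before copying and fails closed. The function names, the 16-byte "name" field and the sample inputs are assumptions made for this illustration.

```c
/* Added example (not from the original article): the classic buffer
 * overflow beside a hardened version.  Names, buffer size and sample
 * inputs are assumptions for this illustration. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX 16   /* assumed fixed field size */

/* VULNERABLE: copies attacker-controlled input into a fixed stack buffer
 * with no length check.  Input of NAME_MAX bytes or more writes past the
 * end of 'name' (undefined behaviour); on a classic stack layout this
 * overwrites the saved return address, which is what an exploit abuses. */
size_t parse_name_unsafe(const char *input)
{
    char name[NAME_MAX];
    strcpy(name, input);          /* no bound: this is the bug */
    return strlen(name);
}

/* HARDENED: measure the input without reading beyond out_len, reject it
 * if it does not fit together with its NUL terminator, and only then copy.
 * Returns 0 on success, -1 if the input is rejected. */
int parse_name_safe(const char *input, char *out, size_t out_len)
{
    size_t n = 0;
    while (n < out_len && input[n] != '\0')   /* bounded length scan */
        n++;
    if (out_len == 0 || n >= out_len)          /* no room for data + NUL */
        return -1;
    memcpy(out, input, n);
    out[n] = '\0';
    return 0;
}

/* Parse into a NAME_MAX-byte field and report whether the input was
 * accepted (1) or rejected (0). */
int accept_name(const char *input)
{
    char name[NAME_MAX];
    return parse_name_safe(input, name, sizeof name) == 0;
}

int main(void)
{
    /* Constructed sample inputs: a benign name and an oversized one of the
     * kind a malicious attachment or web page would supply. */
    const char *benign = "alice";
    char oversized[64];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("safe parser, benign:    %s\n", accept_name(benign) ? "accepted" : "rejected");
    printf("safe parser, oversized: %s\n", accept_name(oversized) ? "accepted" : "rejected");

    /* parse_name_unsafe(oversized) is deliberately NOT called: it would
     * smash the stack.  Compile with -fstack-protector-all and call it to
     * watch the runtime canary check abort the program instead of letting
     * the corrupted return address be used. */
    printf("unsafe parser, benign:  %zu bytes\n", parse_name_unsafe(benign));
    return 0;
}
```

The point of the pair is that the mitigations listed in this section (canaries, non-executable memory, ASLR) only make the unsafe function harder to exploit; the safe function removes the bug. Both versions accept a benign name, but only the hardened one rejects an input that is too long for the field instead of corrupting memory.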

0day Pirated Software

Zero-day warez (almost universally written '0day') refers to software, videos, music or other content unlawfully released or obtained on the day of its official public release, either by illegal copying or by illegal acquisition. Items obtained before release are sometimes labelled "negative day" or "-day". Such releases are usually the work of a hacker or of an employee of the releasing company.

This document is licensed under the GNU Free Documentation License (GFDL), which means that you can copy and modify it as long as the entire work (including additions) remains under this license.
