A zero-day or "0day" attack is a computer threat that tries to exploit computer application vulnerabilities for which no security fix is yet available. Zero-day exploits are used by attackers before the software vendor knows about the vulnerability.
The term derives from the age of the exploit. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public.
A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security fix to users of the software.
Zerod-day Attack Methods
Malware writers are able to exploit zero-day vulnerabilities through several different methods.
For example, when users visit rogue web sites, code on the site may exploit vulnerabilities in web browsers. Web browsers are a particular target because of their widespread distribution and usage.
Hackers can also send email attachments, which exploit vulnerabilities in the application opening the attachment.
Typically badly written software will be vulnerable to several zero-day vulnerabilities in a short period of time. Exploits that take advantage of common file types are numerous and frequent, as evidenced by their increasing appearances in databases like US-CERT.
Users with malicious intent can engineer malware to take advantage of these file type exploits to compromise attacked systems or steal confidential data.
Zero-day Vulnerability Window and Timeline
Zero-day attacks occur when a vulnerability window exists between the time a threat is released and the time security vendors release patches.
For viruses, Trojans and other zero-day attacks, the vulnerability window follows this timeline:
- Release of new threat/exploit into the wild
- Detection and study of new exploit
- Development of new solution
- Release of patch or updated signature pattern to catch the exploit
- Distribution and installation of patch on user's systems or updating of virus databases
This process can last hours or days, during which networks experience the so-called vulnerability window.
Zero-day protection is the ability to provide protection against zero-day exploits. Zero-day attacks also can remain undetected after they are launched.
Many techniques exist to limit the effectiveness of zero-day memory corruption vulnerabilities, such as buffer overflows.
These protection mechanisms exist in contemporary operating systems such as Apple's Mac OS X, Microsoft Windows Vista, Sun Microsystems Solaris, GNU/Linux, Unix, and Unix-like environments; Microsoft Windows XP Service Pack 2 includes limited protection against generic memory corruption vulnerabilities.
Desktop and server protection software also exists to mitigate zero day buffer overflow vulnerabilities.
0day Pirated software
Zero-day warez (almost universally written '0day') refers to software, videos, music, or information unlawfully released or obtained on the day of public release. Items obtained pre-release are sometimes labeled Negative day or -day. Zero-day software, games, videos and music refers to the content that has been either illegally obtained or illegally copied on the day of the official release. These are usually works of a hacker or an employee of the releasing company.
This document is licensed under the GNU Free Documentation License (GFDL), which means that you can copy and modify it as long as the entire work (including additions) remains under this license.
Free guide: Windows 8 Cheat Sheet: Keyboard Shortcuts. Microsoft Windows has always had some fantastic time-saving keyboard shortcuts designed to make our lives easier. For example: CTRL-X will cut text or objects, and CTRL-V will paste them. (Of course, you can use your mouse to achieve the same thing, but it requires clicking and fumbling through menus, which can be a huge time waster if you cut and paste 50+ times a day). With Windows 8, Microsoft has added many new keyboard shortcuts to their operating system; unfortunately, it's a bit of a learning curve. That's where the Windows 8 keyboard shortcuts cheat sheet comes in! Simply download the guide and reference it when you need to. You'll save a ton of time using your keyboard, rather than reaching for the mouse and flipping through oodles of menus trying to find what you're looking for. Share and enjoy! Click here to download this guide now! Note: this guide is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.