A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Zero Day Attack

An attack that exploits a vulnerability in a computer application before the vulnerability, or a fix for it, has been publicly announced

A zero-day attack uses a virus or other exploit to take advantage of a vulnerability in a computer application before a fix for the vulnerability has been released, and often before the vulnerability has been publicly announced at all. The name refers to how many days the defender has had to prepare: zero.

Generally, when software is released for use, it is fully functional, but some vulnerabilities remain undiscovered. When security researchers discover such bugs, they tend to report them to the vendor, and often announce them publicly, so that a patch can be created. Within the relatively short period between announcement and patch, however, attackers may be able to exploit the vulnerability; an attacker who finds the bug first can exploit it without any announcement at all. Such attacks are few in number but increasing.

Signature-based anti-virus or anti-spyware software generally cannot detect and block a zero-day attack: a signature is written only after a sample of the malware has been captured and analyzed, so at the moment of the attack there is nothing yet for the scanner to match against.

Even once a patch has been provided, it takes time before every computer running that software has been updated, and attackers exploit the vulnerability during that window as well. Strictly speaking the flaw is by then known, but such attacks are commonly grouped with zero-day attacks, and the practical lesson is the same: the attacker is racing the patch.

Some examples of zero-day attacks:

1. On November 9, 2006, a zero-day attack targeted a component of Windows called the XMLHTTP 4.0 ActiveX control. When Internet Explorer (IE) opened a malicious web page, the page instantiated the ActiveX control and used it to trigger a buffer overflow, which let the attacker run code on the machine, download spyware and steal data.

2. An attack against Microsoft Word took place around May 2006. In this case the exploit was a Word document attached to an email; when the user opened the attachment, the exploit installed a backdoor that was able to hide itself from anti-virus scanners. The Symantec DeepSight Threat Analyst Team confirmed the vulnerability.

Protective Measures

Practices

  • Don't rush to buy the latest software. It is generally wiser to wait until a product has been in use for a while and has had time to mature and to withstand attacks in the field.
  • Install the latest patches. As soon as a patch is announced for software you are using, install it before continuing to use that software.
  • Use heuristic anti-virus software, not just signature-based. Signature-based anti-virus software can only protect you against malware whose patterns have been seen in the past and for which it has a signature to match against. Heuristic anti-virus products instead try to understand what a program is doing by looking at its general behavior rather than specific signatures, so they can block some threats, including zero-day attacks, that no signature yet describes.
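To make the difference between the two kinds of anti-virus concrete, here is an added example; it is not code from the original page and not a model of any real anti-virus product. It assumes a toy sandbox trace format of `verb:argument` lines, a constructed two-entry signature database, and invented behavior rules, weights and threshold, all labelled as such in the code. The same toy scanner runs over three constructed samples: malware seen before, a never-seen dropper (the zero-day case), and a harmless installer.

```python
# Added illustration of signature-based vs heuristic (behavioral) detection.
# Not code from the original page and not a model of any real product: the
# signatures, behavior rules, weights and samples are all constructed here.
import re
from dataclasses import dataclass


@dataclass
class Sample:
    name: str
    content: bytes  # constructed file bytes
    actions: list   # constructed runtime trace, in order, as a sandbox would log it

# Constructed signature database: byte patterns taken from malware seen in the
# past. A signature scanner can only flag files that contain one of these.
KNOWN_SIGNATURES = {
    "Trojan.Example.A": b"EVIL_MARKER_A",
    "Spyware.Example.B": b"POST /steal?data=",
}

# Constructed behavior rules: (name, weight, regex over one trace line).
# The weights are assumptions; a real engine tunes them against data.
BEHAVIOR_RULES = [
    ("persists via Startup folder or Run key", 3,
     re.compile(r"^(write:.*\\Startup\\|reg:set:HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\)")),
    ("reads a browser credential store", 3,
     re.compile(r"^read:.*\\(Login Data|logins\.json)$")),
    ("disables security software", 4,
     re.compile(r"^(exec:.*sc stop WinDefend|reg:set:.*DisableAntiSpyware)")),
    ("connects to a raw IP address", 1,
     re.compile(r"^net:connect:\d{1,3}(\.\d{1,3}){3}:\d+$")),
]
DOWNLOAD_THEN_EXEC_WEIGHT = 3
HEURISTIC_THRESHOLD = 5


def signature_scan(content: bytes) -> list:
    """Names of every known signature found in the file bytes (empty = clean)."""
    return [name for name, pattern in KNOWN_SIGNATURES.items() if pattern in content]


def heuristic_score(actions: list) -> tuple:
    """Score a behavior trace against the rules; returns (score, reasons)."""
    score, reasons = 0, []
    for rule_name, weight, pattern in BEHAVIOR_RULES:
        if any(pattern.search(line) for line in actions):
            score += weight
            reasons.append(rule_name)
    downloaded = set()  # sequence rule: runs a file it downloaded earlier
    for line in actions:
        if line.startswith("net:download:"):
            downloaded.add(line[len("net:download:"):])
        elif line.startswith("exec:") and line[len("exec:"):] in downloaded:
            score += DOWNLOAD_THEN_EXEC_WEIGHT
            reasons.append("executes a file it just downloaded")
            break
    return score, reasons


def classify(sample: Sample) -> dict:
    """Run both engines over one sample and report what each would have caught."""
    hits = signature_scan(sample.content)
    score, reasons = heuristic_score(sample.actions)
    return {"name": sample.name,
            "flagged_by_signature": bool(hits), "signature_hits": hits,
            "flagged_by_heuristic": score >= HEURISTIC_THRESHOLD,
            "heuristic_score": score, "heuristic_reasons": reasons}


# Malware seen before: its bytes carry a known marker, so both engines catch it.
KNOWN_TROJAN = Sample("known-trojan", b"MZ\x90\x00 ... EVIL_MARKER_A ...", [
    r"reg:set:HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
    r"exec:cmd /c sc stop WinDefend",
])
# Never-seen malware (the zero-day case): no signature exists for its bytes,
# but its behavior is the usual pattern: beacon, drop, run, steal, persist.
ZERO_DAY = Sample("zero-day-dropper", b"MZ\x90\x00 ... not in any signature database ...", [
    r"net:connect:203.0.113.7:8080",
    r"net:download:C:\Users\alice\AppData\Local\Temp\upd.exe",
    r"exec:C:\Users\alice\AppData\Local\Temp\upd.exe",
    r"read:C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"write:C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe",
])
# An ordinary installer: unknown bytes too, but benign behavior, so the
# heuristic engine stays below its threshold (no false positive here).
BENIGN_INSTALLER = Sample("benign-installer", b"MZ\x90\x00 ... ordinary setup program ...", [
    r"write:C:\Program Files\Notes\notes.exe",
    r"net:connect:update.notes.example:443",
    r"reg:set:HKCU\Software\Notes\Version",
])
SAMPLES = [KNOWN_TROJAN, ZERO_DAY, BENIGN_INSTALLER]

if __name__ == "__main__":
    for r in map(classify, SAMPLES):
        print(f"{r['name']:18} signature={r['flagged_by_signature']!s:5} "
              f"heuristic={r['flagged_by_heuristic']!s:5} (score {r['heuristic_score']}: "
              f"{', '.join(r['heuristic_reasons']) or 'nothing suspicious'})")
```

The known trojan is caught by both engines. The zero-day dropper has bytes that match nothing in the signature database, so the signature scan passes it, yet its trace trips four behavior rules (beaconing to a raw address, running a file it just downloaded, reading saved browser passwords, installing itself into the Startup folder) and is flagged. The benign installer shows the cost of heuristics: they work on suspicion, not certainty, so the weights and threshold have to be tuned to keep ordinary software from being flagged, which is why real products combine both approaches rather than replacing signatures outright.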
