For several years many articles about computer, network, or Internet compromise mention the phrase “zero day exploit” or “zero day attack,” but rarely do these articles define what this is. A zero day exploit is any attack that was previously unknown to the target or security experts in general. Many believe that the term refers to attacks that were just released into the wild or developed by hackers in the current calendar day.
This is generally not the case. The “zero day” component of the term refers to the lack of prior knowledge about the attack. The main feature of a zero day attack is that since it’s an unknown attack, there are no specific defenses or filters for it. Thus, a wide number of targets are vulnerable to the exploit.
Zero day attacks have been discovered recently that are potentially seven years old, specifically the Flame or Skywiper discovered in early 2012. However, it’s much more common for zero day exploits to have existed for months before discovery.
Once security researchers become aware of a new zero day exploit, they quickly develop detection and prevention measures in the process of their forensic analysis. These new detection and defense options are distributed and shared with the security community. Once organizations and individuals install updates or make configuration changes, they can be assured that their risk of compromise from that specific attack has been significantly reduced or eliminated. Once detection and defense are possible, an exploit is no longer considered a zero day as there is now notification of its existence.
In 2012, there have been several fairly significant discoveries of exploits and attacks that were labeled as zero day. These include:
- Flame/Skywiper is used for targeted cyber espionage against Middle Eastern countries
- An IE exploit that allows hackers to remotely install malware onto Windows systems running IE 7, 8, or 9
- A Java exploit that allows hackers to remotely install malware onto system running Java 5, 6, or 7
Next week we’ll look at ways hackers find new vulnerabilities and weaknesses.
Reproduced from Global Knowledge White Paper: Zero Day Exploits