'0'oh day attack

'0'oh day attack

A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-softwarevulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.





Window of vulnerability

steps of windows of vulnerability

• A company’s developers create software, but unbeknownst to them it contains a vulnerability.
• The threat actor spots that vulnerability either before the developer does or acts on it before the developer has a chance to fix it.
• The attacker writes and implements exploit code while the vulnerability is still open and available
• After releasing the exploit, either the public recognizes it in the form of identity or information theft or the developer catches it and creates a patch to staunch the cyber-bleeding.

Once a patch is written and used, the exploit is no longer called a zero-day exploit. These attacks are rarely discovered right away. In fact, it often takes not just days but months and sometimes years before a developer learns of the vulnerability that led to an attack.

Worms

Zero-day worms take advantage of a surprise attack while they are unknown to computer security professionals. Recent history shows an increasing rate of worm propagation. Well designed worms can spread very fast with devastating consequences to Internet and otherwise.

Viruses

A zero-day virus (also known as zero-day malware or next-generation malware) is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available.