Anti Virus Yellow Pages
As if the viruses, worms, and spyware we already face aren't bad enough, zero-day attacks are spreading fast!
By Larry Seltzer, PC Magazine.

What is a zero-day attack? We define it as a virus or other exploit that takes advantage of a newly discovered hole in a program or operating system before the software developer has made a fix available -- or before they're even aware the hole exists.

"Zero-day" is the day you open a virus-infected e-mail attachment or get hit by a drive-by download because the antivirus or antispyware software you diligently kept up to date knew nothing of the brand-new attacks.

Typically, when security researchers find a vulnerability or hole in some piece of software, they announce it, and then the companies work on creating fixes as quickly as they can. These fixes, either patches from the original software vendors or signatures -- tiny pieces of code that identify threats -- are then quickly distributed.

Unfortunately, more and more frequently, we're seeing attacks becoming widespread before the fixes are in place. Some black hats are identifying vulnerabilities on their own and exploiting them before the Microsofts and Symantecs of the world know about them. "These attacks are still relatively rare," says Saman Amarasinghe, CTO of the security software company Determina. "But they're happening." Worse, many others will attack a vulnerability within hours after a company such as Microsoft tells the world it's there. In the past, virus writers needed a certain amount of expertise to exploit a new software vulnerability. Nowadays, there's ready access to tools that can take patch code and almost instantly turn it into a worm or a virus.

One simple example came in August, when Microsoft announced a serious vulnerability in the Windows Plug and Play service. Microsoft released a patch on the same day. Within a week, "proof of concept" exploit code for the vulnerability appeared, followed by six actual worms, specifically the Zotob family -- hardly instantaneous, but less time than many companies might take to update all their vulnerable systems.

Article continues... Please see the referenced PC Magazine issue for the rest of it.

PLUS, in this same valuable issue, a "Special Report: SECURITY 94 WAYS TO PROTECT YOUR PC."