Zero-day exploit

Exploit for a vulnerability which has yet to be patched

A zero-day exploit is an attack taking advantage of a vulnerability in a piece of software or operating system, for which the developer has yet to release a patch.

When a vulnerability is discovered by malware creators, or found by researchers and disclosed without giving adequate advance notice to the developers, the flaw can be exploited by malware which can infect systems even if they are fully patched and up-to-date. In such instances malware authors often send out spam containing files using the exploit, or linking to web pages which use it, to infect and gain control of as many vulnerable systems as possible before they are patched.

The term zero-day has recently come to be applied to any threat which emerges very soon after the disclosure of a vulnerability, even when a patch has been released, as the speed of the attack means that many users will not have had time to update their software to the safe level.

Poll

Do you use the same password(s) across multiple websites?
I use the same password for all sites
I have a number of passwords but use the same for some sites
I use a different password for each site
I don't sign up to any sites that require a password

Leave a comment
View 4 comments
Jobs Career Sidebar

Virus Bulletin

In this month's magazine:
  • Social networking meets social engineering
  • Flying solo
  • Geneva convention
  • 7th German Anti Spam Summit 2009
  • Anti-phishing landing page: turning a 404 into a teachable moment
  • An update on spamming botnets: are we losing the war?
  • Windows Server 2008 Standard Edition SP2 x86
Virus Bulletin 10 2009
Subscribe now!
Virus Bulletin currently has 190,960 registered users.