What Is a Zero-Day Threat?
A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which occurs before or on the first (or 'zeroth') day on which a developer is aware of the exploit or bug. This means that no security update is available, because developers were not aware of the vulnerability or threat.
Attackers exploit zero-day vulnerabilities through various vectors. Web browsers are the most common because of their popularity. Attackers also send emails with attachments that exploit vulnerabilities in the software that opens them. A zero-day threat is also known as a zero-hour attack or a day-zero attack.
Zero-day exploits are often carried out by well-known hacking groups. Usually, the zero-day attack takes advantage of a bug that neither the developers nor the users are aware of. This is exactly what the malicious programmers count on. If a hacker detects a software vulnerability before the software developers do, they can create a worm or virus that exploits the vulnerability and harms computers.
Not all zero-day attacks actually take place before software developers discover the vulnerability. In certain cases, the developers recognize and understand the vulnerability, but it takes time to develop the patch that fixes it. In addition, software vendors may occasionally postpone a patch release to avoid flooding users with multiple individual updates. If the developers determine that the vulnerability is not particularly dangerous, they can postpone the patch release until a number of patches have been compiled. Once these patches are collected, they are released as a package. However, this strategy is risky, as it could result in a zero-day attack.
Zero-day attacks occur within a time frame known as the vulnerability window. This ranges from the first exploitation of the vulnerability to the point at which the threat is countered. Attackers craft malicious software (malware) to exploit common file types, compromise the attacked systems, and steal valuable data. Zero-day attacks are carefully carried out for maximum damage, usually within a day. The vulnerability window can range from a short period of time to several years. For example, in 2008 Microsoft revealed an Internet Explorer vulnerability that affected some versions of Windows in 2001. The date on which the attacker originally discovered the vulnerability is unknown, but the vulnerability window could be as much as seven years in this case.