What is a “zero-day,” exactly? In information security, occasionally there is a brand new vulnerability or exploit in the news, and the reporter calls it a “zero-day.” What are they talking about? The term is sometimes compared to “patient zero” in medical epidemiology, the point where the bad thing started to happen, but the “zero” actually counts days: the software vendor has had zero days to fix the flaw before it became known or was used in an attack.
A zero-day vulnerability is a flaw in software that is not yet known to the vendor, so no patch exists for it. Often a security researcher will discover the flaw, and the usual protocol (called coordinated disclosure) is to report it privately to the software developer, giving them time to release a patch before anyone else learns the details. Then, typically, the researcher publishes their findings, alerts are released, and software gets patched.
Sometimes a manufacturer or software company will ignore the researcher, and the information is published anyway. This exposes the vulnerability without a fix being available, and creates a risk for every user of that product until the vendor responds.
Sometimes the vulnerability is discovered by an intelligence agency such as the NSA, which may stockpile it without reporting it to anybody and use it for surveillance or intelligence operations.
And on particularly bad days, the vulnerability is discovered by a cyber-criminal gang, who develop an exploit for it and use it for financial gain before any patch exists.
A zero-day exploit is code or a technique that takes advantage of a vulnerability for which no patch is yet available; it is usually delivered by malware, a malicious document, or a booby-trapped web page. Occasionally a “new” zero-day turns out to be a bypass of an incomplete fix for an older, known vulnerability: the underlying bug is old, but the unpatched attack path is new. Either way, a zero-day exploit will generally work against any computer running the vulnerable code, unless a mitigation (a sandbox, exploit-hardening features of the operating system, or a configuration that happens to disable the affected feature) gets in the way. Anti-malware software generally has no definition for a zero-day exploit, and will let it run on the targeted system. This makes zero-days particularly dangerous.
There is not a lot that an average person can do to combat a zero-day vulnerability before a fix exists. The best advice is to keep your operating system and software patched and up to date, ideally with automatic updates turned on, so that the window of exposure closes the moment a patch ships. Turning off software and features you do not use also shrinks the amount of code an attacker can target.
Security software works on two fronts: definitions (signatures) for known malware and exploits, and heuristics, meaning behavior-based detection and quarantine that looks for malware-like actions in running code. Anti-malware definitions cannot detect a zero-day, because nobody has written a definition for it yet, but heuristics might, since a novel exploit still has to do recognizably malicious things once it runs. Run an anti-malware program that includes behavior-based detection, and keep in mind that heuristics are a probabilistic defense: they can miss carefully crafted attacks and occasionally flag legitimate software.
This is why zero-day vulnerabilities and exploits are so dangerous: they are hard to detect and, at least in the early days of an attack, sometimes impossible to remediate other than by workarounds.
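Added example, not code from the original post: a small Python illustration of the two detection styles described above. A definition-based check (here, a set of file hashes) cannot flag a sample it has never seen, while a behavior-based check scores what a process does, so a novel payload can still be caught from its actions. The telemetry, hashes, process names, paths and scoring weights are all constructed for this example; real products use far richer signals and models.

```python
import hashlib
from collections import defaultdict

# Definition-based detection: SHA-256 hashes of files already known to be malicious.
# Constructed for this example from placeholder byte strings; not real malware hashes.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"known-dropper-v1").hexdigest(),
    hashlib.sha256(b"known-ransomware-v3").hexdigest(),
}


def signature_verdict(sample: bytes) -> bool:
    """Return True only if the exact file hash is in the definition set.

    A never-before-seen payload (the zero-day case) always returns False here,
    however malicious it is, because nobody has written a definition for it yet.
    """
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256


# Behavior-based detection works on what a process does, not on what it is.
# Constructed endpoint telemetry: (timestamp, pid, event, details). It models a
# document reader that opens a malicious file, spawns a shell, drops a file into
# the Startup folder, adds a Run key and calls out to the internet, plus a benign
# browser process for contrast. Image names, paths and addresses are illustrative.
EVENTS = [
    (0, 3000, "process_start", {"image": "chrome.exe", "parent": "explorer.exe"}),
    (1, 3000, "net_connect", {"dst": "198.51.100.20:443"}),
    (2, 4100, "process_start", {"image": "reader.exe", "parent": "explorer.exe"}),
    (3, 4100, "file_open", {"path": r"C:\Users\a\Downloads\invoice.pdf"}),
    (4, 4211, "process_start", {"image": "powershell.exe", "parent": "reader.exe"}),
    (5, 4211, "file_write", {"path": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"}),
    (6, 4211, "registry_set", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"}),
    (7, 4211, "net_connect", {"dst": "203.0.113.7:443"}),
]

DOCUMENT_APPS = {"reader.exe", "winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def behavior_score(events):
    """Score each process on suspicious behaviors; return (scores, reasons) keyed by pid."""
    scores = defaultdict(int)
    reasons = defaultdict(list)
    for _ts, pid, kind, d in events:
        if kind == "process_start" and d["parent"] in DOCUMENT_APPS and d["image"] in SHELLS:
            scores[pid] += 3
            reasons[pid].append("document application spawned a shell")
        elif kind == "file_write" and "\\startup\\" in d["path"].lower():
            scores[pid] += 2
            reasons[pid].append("wrote a file into the Startup folder")
        elif kind == "registry_set" and "\\currentversion\\run\\" in d["key"].lower():
            scores[pid] += 2
            reasons[pid].append("added a Run key for persistence")
        elif kind == "net_connect" and scores[pid] > 0:
            # Outbound traffic alone is normal (the browser does it too); it only adds
            # weight to a process that has already done something suspicious.
            scores[pid] += 1
            reasons[pid].append("suspicious process made an outbound connection")
    return dict(scores), dict(reasons)


def behavior_verdict(events, threshold=5):
    """Return {pid: reasons} for processes whose behavior score meets the threshold."""
    scores, reasons = behavior_score(events)
    return {pid: reasons[pid] for pid, s in scores.items() if s >= threshold}


if __name__ == "__main__":
    novel_payload = b"never-seen-dropper"  # constructed stand-in for a zero-day sample
    print("signature catches known sample:", signature_verdict(b"known-dropper-v1"))
    print("signature catches novel sample:", signature_verdict(novel_payload))
    for pid, why in behavior_verdict(EVENTS).items():
        print(f"behavior flags pid {pid}:", "; ".join(why))
```

The hash check gives a clean answer for the two known samples and a silent miss for the novel one, while the behavior rules flag the PowerShell process (pid 4211) on the strength of what it did, and leave the browser alone. The threshold and weights are the tuning knobs that make this a “might” rather than a “will”: set them too low and ordinary software gets quarantined, set them too high and an attacker who keeps each step below the bar walks through.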