What’s a Zero Day Attack?
One of PC Pitstop's contributors, Leo Notenboom from Ask Leo!, recently wrote a post on what a zero-day attack is. Leo went into great detail explaining this exploitation methodology. The short version is that a zero-day attack occurs when cyber criminals exploit a software vulnerability that is not publicly known. The term zero-day comes from the idea that the software vendor has had zero days to fix the vulnerability before hackers begin exploiting it.
Zero-day attacks are typically quite successful for hackers, since these vulnerabilities are known only to the bad guys. Because of this, they have the opportunity to install malware through these exploits. To bypass traditional antivirus (AV) solutions, the cyber criminals use a malware variant that has never been seen before. Traditional AV programs that rely on a blacklist for malware detection will allow any unknown program or file to execute, so the door is held wide open for attack.
If users begin implementing an AV which uses application whitelisting as its primary method of malware detection, zero-day attacks will not be successful. Application whitelisting treats all unknown programs and files as untrusted applications, so they are not allowed to execute until they have been proven safe. For example, a cyber criminal finds a security gap in an Adobe application. That application has already been tested and proven safe, but the hacker is going to exploit this gap and install malware on all PCs that have this vulnerability. So, the hacker will trigger a malicious executable via this security hole. Because this malicious executable has not been proven safe, it will not run on devices using application whitelisting.
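The difference between the two detection models described above can be shown in a few lines of code. The following is an added example, not code from PC Pitstop or Ask Leo!: a blacklist policy that executes anything not matching a known-bad hash, beside an allowlist policy that executes only hashes already proven safe. The file contents are constructed byte strings standing in for programs on disk, and the hash-based identification is an assumption about how such products work, chosen because cryptographic hashes are the usual way to pin down "this exact file".

```python
"""Blacklist vs. application-whitelisting execution policy.

Added example (not PC Pitstop's or Ask Leo!'s code). The "files" below are
constructed byte strings, not real programs; real products identify files by
hash (and often by publisher signature) in the same way.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Identify a file by its SHA-256 digest."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample files (hypothetical contents).
KNOWN_GOOD_APP = b"MZ...vetted-document-reader-stand-in..."      # tested and proven safe
KNOWN_MALWARE = b"MZ...widely-circulated-trojan-stand-in..."     # already has an AV signature
REPACKED_MALWARE = KNOWN_MALWARE + b"\x00"                        # same trojan, one byte changed
UNKNOWN_DROPPER = b"MZ...never-before-seen-payload..."           # what a zero-day exploit drops

# Traditional AV: a blacklist of hashes known to be malicious.
MALWARE_SIGNATURES = {sha256_hex(KNOWN_MALWARE)}

# Application whitelisting: an allowlist of hashes proven safe.
APPROVED_HASHES = {sha256_hex(KNOWN_GOOD_APP)}


def blacklist_decision(file_bytes: bytes) -> str:
    """Traditional model: execute unless the file matches a known signature."""
    return "block" if sha256_hex(file_bytes) in MALWARE_SIGNATURES else "allow"


def allowlist_decision(file_bytes: bytes) -> str:
    """Whitelisting model: block unless the file has already been proven safe."""
    return "allow" if sha256_hex(file_bytes) in APPROVED_HASHES else "block"


def compare_policies(file_bytes: bytes) -> dict:
    """Run both policies on one file so the two verdicts can be read side by side."""
    return {
        "blacklist": blacklist_decision(file_bytes),
        "allowlist": allowlist_decision(file_bytes),
    }


if __name__ == "__main__":
    samples = [
        ("known good app", KNOWN_GOOD_APP),
        ("known malware", KNOWN_MALWARE),
        ("repacked malware", REPACKED_MALWARE),
        ("unknown dropper", UNKNOWN_DROPPER),
    ]
    for name, data in samples:
        verdicts = compare_policies(data)
        print(f"{name:18} blacklist={verdicts['blacklist']:5} allowlist={verdicts['allowlist']}")
```

Running it shows the point of the article: the blacklist catches only the one sample it has a signature for and lets both the repacked variant and the never-before-seen dropper execute, while the allowlist blocks everything except the single vetted application. The check runs when a file is launched, which is exactly the scenario described above (an exploit dropping a new executable); it does not by itself inspect what the already-approved application does while it is running.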