Security Corner: Zero Day Attacks are on the Rise!
January 27, 2011
Zero day attacks are a very scary and real threat on the Internet today. A “zero day attack” is the name given to malware and/or viruses developed to exploit a vulnerability in software before the developer has a chance to distibute a security patch.
Zero day attacks can exploit software vulnerabilities in your web browser, its plug-ins, your operating system (OS), and any other piece of software installed on your system.
While most vendors release updates or patches to address the discovered vulnerabilities in their software products, the attackers are managing to stay ahead of them by exploiting undiscovered vulnerabilities. Adobe’s Acrobat Reader and Oracle’s Java programs are examples of frequently used software that have been a target of zero day attacks.
The malware or virus is distributed by infected websites that are often trusted and frequently visited, such as Facebook or CNN. They often disguise themselves as something legitimate, such as a pop-up window that claims that you should scan your computer for infections. Clicking on these types of messages enables the malware to install itself with your permission.
How can you protect yourself if there are no patches available?
- Update your web browser – Google Chrome and Mozilla Firefox have built-in updaters; Internet Explorer and Apple Safari get updated with the OS updater.
- Update your web browser plug-ins/add-ons – Adobe Reader, Adobe Flash, Oracle Java are just a few that are frequently used to view videos and read PDFs.
- Update your anti-virus software – institutional machines are managed by central IT; personal computers are maintained by their owners, so be sure to download the latest updates.
- Don’t respond to emails requesting personal information or containing unexpected attachments.
- Don’t click on links within unsolicited emails that take you to a website to enter personal information.
- Don’t install software that you did not explicitly purchase or obtain by trusted means.
- Research and ensure that any company with whom you are doing business on the internet is trusted and has a good reputation.
- Ensure any account, personal, or financial information sent over the internet is done over a secure connection; look for the security lock in your web browser and https in the navigation bar.