What is a zero-day attack? Is it another Normandy, or a day on which every computer in the world goes down? A zero-day attack is an exploit, or malware carrying one, that uses a newly discovered security flaw or a previously unknown entry point; the name refers to the number of days the vendor has had to produce a fix, which is zero. It is a considerable concern to IT professionals and network users because even the most vigilantly maintained and secured networks can fall prey to it. Scary? Definitely for the administrators and technicians who have to answer for computers and networks going down. Downtime, however minimal, can be very expensive or cause serious delays in productivity. Ultimately, what can be done to minimize the damage?
"Zero day is the day you open a virus-infected e-mail attachment or get hit by a drive-by download because the antivirus or antispyware software you diligently kept up to date knew nothing of the brand-new attacks." 1 Usually a security research institute or a software developer finds a vulnerability, it is announced, and a fix is worked on. Sometimes, though, the patch is not released fast enough, and by then the malware is already being carried along on a tide of chained infections.
The biggest problem currently is the trend of viruses and attacks hitting more and more computers before a fix even exists. That is only one side of the coin, however: the Zotob worm family appeared within a week of Microsoft announcing and patching its Plug and Play vulnerability, so strictly speaking it exploited a flaw that was already known and already patched. For many companies and corporations, updating systems as quickly as possible, or on a regular schedule, is still not fast enough, and their systems stay vulnerable in the window between a patch being released and it being deployed. Generally these zero-day attacks, however rare compared with the number of computer users out there, are carried out by black hats. Most of the serious attacks are done by these crackers, who exploit previously unknown flaws and catch administrators and developers off guard. 2
Companies such as Panda are using heuristics and other software that does not just look for the signatures of known malware but for abnormal content and behaviour, sometimes catching new malware before it becomes a larger problem, or stopping it outright. Strangely enough, a few companies are hiring black hats to find problems in their software. The closer the danger, the farther from harm, right? That may be true of many reformed black hats, but there is a risk of a black hat exploiting the company for personal gain, selling trade secrets or doing deliberate damage.
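The difference between the two approaches above can be shown in a few dozen lines. This is an added illustration, not code from the original page or from Panda or any other vendor: a signature scanner that only recognises byte patterns it has seen before, beside a heuristic scanner that scores an unknown file on traits common in malware (process-injection and download APIs, an autorun registry key, and high byte entropy, which packed or encrypted payloads exhibit). The signatures, the rules, their weights and thresholds, and all four sample "files" are constructed for the demonstration.

```python
"""Signature scanning beside a simple heuristic scanner.

Added illustration, not code from the original page or from Panda or any
other vendor.  The signatures, heuristic rules and all sample "files" are
constructed here for the demonstration.
"""
import hashlib
import math

# Constructed signatures: byte patterns of malware that is already known.
# A brand-new sample is, by definition, not in this table.
SIGNATURES = {
    "Example.Worm.A": b"WORM_A_PAYLOAD",
    "Example.Dropper.B": b"DROPPER_B_MARKER",
}

# Constructed heuristic rules: (byte string, weight).  Each is a trait that
# is common in malware and rare in ordinary files, so an unknown file that
# shows several of them is treated as suspicious.
SUSPICIOUS_STRINGS = [
    (b"CreateRemoteThread", 2),      # thread injection into another process
    (b"WriteProcessMemory", 2),      # writing into another process
    (b"URLDownloadToFile", 2),       # fetching a second stage
    (b"CurrentVersion\\Run", 2),     # persistence via an autorun registry key
    (b"cmd.exe /c", 1),              # shell command execution (weak on its own)
]
ENTROPY_THRESHOLD = 7.0   # bits per byte; packed/encrypted payloads approach 8.0
ENTROPY_WEIGHT = 2
MIN_ENTROPY_LEN = 256     # entropy of very short inputs is meaningless
HEURISTIC_THRESHOLD = 3   # total weight at which a file is flagged


def shannon_entropy(data: bytes) -> float:
    """Plug-in Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def signature_scan(data: bytes) -> list:
    """Names of known signatures found in the data (empty if none)."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def heuristic_scan(data: bytes):
    """Score the data against the heuristic rules; returns (score, reasons)."""
    score, reasons = 0, []
    for pattern, weight in SUSPICIOUS_STRINGS:
        if pattern in data:
            score += weight
            reasons.append(pattern.decode())
    entropy = shannon_entropy(data)
    if len(data) >= MIN_ENTROPY_LEN and entropy > ENTROPY_THRESHOLD:
        score += ENTROPY_WEIGHT
        reasons.append(f"entropy {entropy:.2f} bits/byte")
    return score, reasons


def classify(data: bytes):
    """Signatures first (precise), heuristics second (catch the unknown)."""
    hits = signature_scan(data)
    if hits:
        return "known-malware", hits
    score, reasons = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious", reasons
    return "clean", reasons


# Constructed samples.  "packed" is pseudo-random bytes (SHA-256 output)
# standing in for an encrypted payload, plus one suspicious import name.
SAMPLES = {
    "known":   b"MZ...header...WORM_A_PAYLOAD...",
    "unknown": b"MZ...CreateRemoteThread WriteProcessMemory "
               b"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "benign":  b"REM build script\r\ncmd.exe /c copy a.txt b.txt\r\n",
    "packed":  b"URLDownloadToFile" + b"".join(
        hashlib.sha256(bytes([i])).digest() for i in range(32)),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        verdict, why = classify(data)
        print(f"{name:8} -> {verdict:14} {why}")
```

The "unknown" sample matches no signature and would pass a signature-only scanner, yet the heuristic pass flags it on three traits at once; the "benign" build script trips only the weak cmd.exe rule and stays below the threshold. The caveat is the flip side of the same design: heuristics trade precision for coverage, so they need a threshold that tolerates ordinary files, and an attacker who knows the rules can stay just under it, which is why they are layered on top of signatures rather than replacing them.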
Many black hats are selling their exploits to get well-paid jobs, but should hackers release their previous findings to the public? Personally, I think the specifics of such an exploit or vulnerability should not be public knowledge but should be disclosed. The actual mechanics of their research should be handed over to the appropriate authorities or corporation, and let them handle it. If nothing is done about the problem, then create a fix for it, instead of creating a bad reputation for yourself.
To combat these new attacks, many companies are switching to operating systems other than Microsoft products, or diversifying the operating systems they run to reduce their risk. Eventually, as alternatives such as Linux grow in numbers, more attacks on them could follow, nullifying this solution. In conclusion, there is no complete solution to this emerging computing difficulty. Regular updating, maintenance and diversifying your company's network remain the best preventive measures available.
1. http://www.pcmag.com/article2/0,1759,1880013,00.asp
2. http://www.vmware.com/company/news/articles/wsj_4.html
3. http://www.theregister.co.uk/2002/07/15/security_industrys_hackerpimping...
4. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci955554,00.html