As if the viruses, worms, and spyware we already face aren't bad enough, zero-day attacks are spreading fast!   by Larry Seltzer, PC Magazine. November 22, 2005 Pg. 109-110.

What is a zero-day attack? We define it as a virus or other exploit that takes advantage of a newly discovered hole in a program or operating system before the software developer has made a fix available -- or before they're even aware the hole exists.

"Zero-day" is the day you open a virus-infected e-mail attachment or get hit by a drive-by download because the antivirus or antispyware software you diligently kept up to date knew nothing of the brand-new attacks.

Typically, when security researchers find a vulnerability or hole in some piece of software, they announce it, and then the companies work on creating fixes as quickly as they can. These fixes, either patches from the original software vendors or signatures -- tiny pieces of code that identify threats -- are then quickly distributed.

Unfortunately, more and more frequently, we're seeing attacks becoming widespread before the fixes are in place. Some black hats are identifying vulnerabilities on their own and exploiting them before the Microsofts and Symantecs of the world know about them. "These attacks are still relatively rare," says Saman Amarasinghe, CTO of the security software company Determine. "But they're happening." Worse, many others will attack a vulnerability within hours after a company such as Microsoft tells the world it's there. In the past, virus writers needed a certain amount of expertise to exploit a new software vulnerability. Nowadays, there's ready access to tools that can take patch code and almost instantly turn it into a worm or a virus.

One simple example came in August, when Microsoft announced a serious vulnerability in the Windows Plug and Play service. Microsoft released a patch on the same day. Within a week, "proof of concept" exploit code for the vulnerability appeared, followed by six actual worms, specifically the Zotob family -- hardly instantaneous, but less time than many companies might take to update all their vulnerable systems.

Article continues... Please see the referenced PC Magazine issue for the rest of it.

PLUS, in this same valuable issue, a "Special Report: SECURITY 94 WAYS TO PROTECT YOUR PC.

Free Incremental Backup Software | How Do You Back Up Files | Zip Backup Software | How To Open Back Up Files | Back Up Software Free | FTP Backup Freeware