Zero Day Attacks
Jason Kephart
Purpose
• The purpose of this presentation is to describe Zero-Day attacks, stress the danger they pose for computer security professionals as well as everyday users, and provide insight into what can be done to minimize their adverse effects
What is an exploit, exactly?
• An exploit is a malicious piece of software, data, or sequence of commands
• It “exploits”, or takes advantage of, a vulnerability to cause unintended behavior, such as gaining superuser (administrator) privileges, acquiring sensitive data, or even taking control of a host for use in a distributed attack
What is a Zero-Day attack?
• A Zero-Day attack is an exploit that attacks a previously unknown vulnerability in a computer application
• It occurs on “day zero” of awareness
• Developers have had zero days to address the vulnerability, which is how these attacks got their name
What does this mean?
• This affects businesses and private users alike
• Information is crucial to the life of a business, and any vulnerability can create widespread problems
• Since zero-day attacks are the most dangerous and least expected, special consideration must go to making sure certain preventative measures are taken
Dangers of a Zero-Day Attack
• Constant threat
– New code is written every day, which means new vulnerabilities for malicious hackers to exploit
• Hard to protect against
– Clever software vulnerabilities can be very difficult to find
• Unexpected in nature
Danger (cont.)
• Zero-Day attacks are the most dangerous type of exploit
• By definition, developers do not yet know of the vulnerabilities that zero-day attacks exploit
– This is primarily why zero-day attacks are so treacherous
• The vulnerabilities must be fixed, but this takes time
Window of Exposure
• The period of time during which a vulnerability remains dangerous
• The window of exposure for a vulnerability runs from the time the vulnerability is discovered (by the criminal underground or by ethical hackers) until a patch is released and deployed onto systems
• An empirical study shows that the average window of exposure for a zero-day attack is ten months!
Window of Exposure
Notable Zero-Day Attacks
• Stuxnet
• Duqu
• Flame
• Downadup
• Fujacks
• Ramnit
Stuxnet
• The most extensive zero-day exploit
• Takes advantage of four different zero-day vulnerabilities in software
– Very unusual, since zero-day vulnerabilities are valuable to the criminal underground and are rarely spent four at a time
– Also unusual: it was written in multiple languages, including C and C++
• A perfect example of a complicated exploit
– Can be transferred via USB or similar removable media
[Graphic: the widespread problems associated with a zero-day exploit]
Preventative Measures
• Secure Coding
– Difficult to administer, but really the only “sure” way
• Patching
– Must be applied to host computers as a countermeasure
– Consistency is key
Secure Coding
• Also known as defensive programming, it is an important goal to work towards constantly
• Secure coding is the practice of engineering software so that no vulnerabilities or glitches exist in it
• Writing code can be very difficult, and making sure no loopholes exist in that code is even more difficult
– Secure code doesn’t happen by itself
Secure Coding (cont.)
• To ensure that secure coding practices are followed, software engineering standards need to be in place
– Developers must actively work towards secure and glitch-free code
– Standardized methods are necessarily general, so following them does not ‘guarantee’ the security of code; it only helps
Patching!
• A patch is a piece of software designed to fix problems with, or update, a computer program or its supporting data
• Acquiring the latest patch from the vendor ensures that your computer isn’t vulnerable to malicious hackers who now know of the vulnerability
• Application developers write patches for vulnerabilities once they are found
Patching! (cont.)
• Automatic patching – highly recommended!
• As shown in the window of exposure model, once a patch is created by the developer there is still time for a hacker to reverse engineer the patch, find the vulnerability, and attack those who have not yet installed the patch
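The window of exposure model above, and the point that the window stays open for every host that has not yet installed a released patch, can be turned into a patch-management metric. The following is an added example, not part of the original presentation; all dates and host names are constructed, and it splits each host's exposure into the days before a fix existed and the days a fix existed but was not applied.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional

@dataclass(frozen=True)
class VulnTimeline:
    """Key dates for one vulnerability (all sample values are constructed)."""
    name: str
    discovered: date       # first known discovery/exploitation ("day zero")
    patch_released: date   # vendor ships the fix

@dataclass(frozen=True)
class HostExposure:
    host: str
    zero_day_days: int     # discovery -> patch release: no fix existed yet
    post_patch_days: int   # patch release -> host patched: fix existed, not applied
    still_exposed: bool    # no patch deployed as of the report date

def host_exposure(vuln: VulnTimeline, host: str,
                  patched_on: Optional[date], as_of: date) -> HostExposure:
    """Split one host's window of exposure into its two phases."""
    if patched_on is not None and patched_on < vuln.patch_released:
        raise ValueError(f"{host}: patched before the fix existed")
    end = patched_on or as_of   # exposure ends when patched, otherwise it is still open
    zero_day = (min(end, vuln.patch_released) - vuln.discovered).days
    post_patch = max((end - vuln.patch_released).days, 0)
    return HostExposure(host, zero_day, post_patch, patched_on is None)

def fleet_report(vuln: VulnTimeline, deployments: Dict[str, Optional[date]],
                 as_of: date) -> dict:
    """Summarise exposure across a fleet; None means the host is still unpatched."""
    rows = [host_exposure(vuln, h, d, as_of) for h, d in deployments.items()]
    totals = {r.host: r.zero_day_days + r.post_patch_days for r in rows}
    worst = max(totals, key=totals.get)
    return {
        "hosts": len(rows),
        "unpatched": sum(r.still_exposed for r in rows),
        "avg_window_days": round(sum(totals.values()) / len(rows), 1),
        "max_window_days": totals[worst],
        "worst_host": worst,
    }

# Constructed sample: fix shipped 33 days after discovery; two hosts deployed it at
# different speeds and one kiosk never did.
VULN = VulnTimeline("sample-vuln", date(2013, 1, 10), date(2013, 2, 12))
DEPLOYMENTS = {"web-01": date(2013, 2, 13), "db-01": date(2013, 3, 20), "kiosk-07": None}
AS_OF = date(2013, 4, 1)

if __name__ == "__main__":
    print(fleet_report(VULN, DEPLOYMENTS, AS_OF))
```

The report shows that in this sample the unpatched kiosk, not the zero-day phase itself, accounts for most of the fleet's exposure, which is the case automatic patching is meant to remove.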
Conclusion
• Zero-day exploits, although very dangerous, are only a fraction of the attacks placed on hosts and networks
• Vigilance and persistence are necessary in a computer security environment
– Bad guys are always working towards the next vulnerability
– This is the only way to defend against new attacks
References
• Bilge, Leyla, and Tudor Dumitras. "Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World." 2012. Web.
• Mills, Elinor. "Details of the First-ever Control System Malware." CNET, 21 July 2010. Web.
• Symantec. "Notable Zero Day Attacks." n.d. Web. Accessed 2013.
• VMware Go Team. "The Importance of Patching Third-party Applications." Vmware.com, 1 Aug. 2012. Web. Accessed 2013.