You have probably heard the term zero-day or zero-hour malware, but what exactly does it mean?
It’s simple: it just means the malware is using a software vulnerability for which there is currently no available defense or fix. The vulnerability allows the malware to perform actions on your system that should not be permitted, such as running arbitrary code. Such malicious actions can impact the confidentiality, integrity, or availability of your system.
If a vulnerability is known already (i.e. not a zero-day), then chances are the software vendor has patched it, and/or security software vendors have added defenses against it. So you can protect yourself against known vulnerabilities simply by keeping your software, including your anti-malware defense, up to date. But these precautions will not protect you against zero-days.
You can think of the search for new vulnerabilities as a race. When security researchers and good guys find them, they warn the software vendor so the vulnerability can be patched. The best practice (what’s called “responsible disclosure”) is to initially do this privately, so the bad guys won’t get a heads-up. Once some time has passed, allowing the vulnerability to be patched, the finding is made public. At this time, it might get a CVE number from the MITRE Corporation so that any interested party may refer to the vulnerability using a standard name.
Unfortunately, the bad guys are also in this race. They look for vulnerabilities in order to accomplish their ends, which generally involve ripping you off in some way. They try to find undisclosed vulnerabilities and create malware that takes advantage of them.
So are we defenseless against zero-day attacks? Happily, the answer is no. Anti-Exploit software like Malwarebytes Anti-Exploit can monitor your system for the sorts of actions associated with zero-day exploits and shut them down before they harm your system. If you’d like to learn more about the technical details, you may read about them in this blog post about how Malwarebytes Anti-Exploit works.