WiFi Finder

Locate wireless services by a specific address, city, state, country, airport, or zip code.

Get Connected Now

RSS Feeds

Get our latest content via convenient RSS feeds.

See All RSS Feeds

Become a PCW Member

Join the community and start enjoying the benefits:

Get tech advice from thousands of PC World Members
Rate and recommend the latest tech products
Share your thoughts in blog and article comments
Get free excerpts and exclusive discounts on Super Guides

Signing up is free and easy.

Zero-Day Malware Attacks You Can't Block

No matter how diligently you patch your PC, it may still be vulnerable during the first hours of a previously unseen attack. Here's what you should know about zero-day hazards and the security holes they exploit.

Ryan Singel

Illustration: Stuart Bradford

You're no security slouch. You keep your programs up-to-date, and you have antivirus installed. You're careful about where you surf and what you install on your computer.

But last September, if you had visited a blog hosted by HostGator, a top-tier provider based in Florida, your PC's browser would have been summarily redirected to an infected Web site that exploited a vulnerability in an old Microsoft image format.

Within seconds, a payload of malware would have invaded your computer.

Had this happened, you'd have fallen victim to a zero-day exploit--an attack against a software flaw that occurs at a time when no patch to correct the problem exists. The term originally described a vulnerability that was exploited "in the wild" (that is, outside a research lab) on the same day that a patch became available for it, leaving IT staffs zero intervening days to close the hole.

Today, the value of zero-day exploits to online criminals is skyrocketing precisely because the attacks can break into up-to-date, well-maintained systems. Last December, for instance, Trend Micro chief technology officer Raimund Genes noticed a sales pitch scrolling by in an Internet chat room: A hacker wanted to sell an undisclosed vulnerability in a beta version of Windows Vista for a staggering $50,000, though Genes was unable to determine if anyone bought the code.

"There's much more of an organized undercurrent now," says Dave Marcus, security research manager for McAfee. "[The criminals] have figured out they can make money with malware."

A Zero-Day Attack Marches On

Illustration: Stuart Bradford

Last September SunbeltSoftware discovered attacks against a vulnerability in Vector Markup Language graphics, which are rarely seen but still supported in Windows. Within a week, criminals infected thousands of sites with poisoned images capable of inflicting a drive-by-download attack on any hapless user who viewed the image.

Page 1 of 7
Next »

See more like this:
security,
PC,
patch,
zero day,
attack,
vulnerability,
software,
exploit,
threat,
browser,
OS

"Zero-Day Malware Attacks You Can't Block" Comments

Mobile Computing

Make the most of your computing on the go. Subscribe to the Mobile Computing Newsletter.

Dell Small Business Servers

Collaboration, mobility, and security made easy. Learn the benefits of server-based networking.

Featured APC Accessories

APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

Deal Breakers

Special Offers for PC World Users

Dell Windows 7 Deals Win7 Weekend Sale at dell.com!
Laptops starting at $499 after Instant Savings

Focus on Personal Productivitysponsored by Microsoft

Personal Finance 2.0 These free and fee-based Web services not only aggregate data from your online bank accounts, they give you tools for managing your money.
High-Tech Travel Tips Plenty of stories provide advice for elite mobile professionals. But what about you, the unproductive traveler?