Was there ever a genuine zero day attack?

Discussion in 'other anti-virus software' started by Joeythedude, Apr 20, 2009.

Thread Status:
Not open for further replies.
  1. Joeythedude (Registered Member; Joined: Apr 19, 2007; Posts: 519)

    I've been doing a bit of reading around zero day attacks.

    Just wondering if anyone has heard of a genuine zero day attack, that is, the actual "in the wild" usage of an exploit that a vendor did not know about at that time.

    Cheers
    J
     
  2. Rmus (Exploit Analyst; Joined: Mar 16, 2005; Posts: 3,943; Location: California)
  3. cruelsister (Registered Member; Joined: Nov 6, 2007; Posts: 973; Location: Paris)

    Absolutely. For me they normally come in email attachments (which are run in a test machine VM for verification of the file being malicious). It's interesting seeing which of the AVs I have installed will pick it up the soonest.
     
  4. Joeythedude (Registered Member; Joined: Apr 19, 2007; Posts: 519)

    Thanks, those are very interesting, esp. 2).

    That's anti-executable that's blocking 2) in the screenshots?
     
  5. Rmus (Exploit Analyst; Joined: Mar 16, 2005; Posts: 3,943; Location: California)

    Yes. If my memory serves me, this was also blocked by those using ProcessGuard and Software Restriction Policies.

    This was more than 4 years ago and was the beginning of the realization for some of us that all of these drive-by exploits so called have the same objective: to install a malware executable, which can be easily blocked by White List protection, negating the need to detect by a signature. Hence 0-day, 50-day - it is irrelevant.

    ----
    rich
     