Was there ever a genuine zero day attack ?

Discussion in 'other anti-virus software' started by Joeythedude, Apr 20, 2009.

Thread Status:
Not open for further replies.
  1. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    I've been doing a bit of reading around zero day attacks.

    Just wondering if anyone has heard of a genuine zero day attack , that is the actual "in the wild" usage of an exploit that a vendor did not know about at that time .

    Cheers
    J
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
  3. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,351
    Location:
    Paris
    Absolutely. For me they normally come in email attachments (which are run in a test machine VM for verification of the file being malicious). It's interesting seeing which of the AV's I have installed will pick it up the soonest.
     
  4. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Thanks , those are very interesting , esp 2).

    Thats anti-executable thats blocking 2) in the screenshots ?
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Yes. If my memory serves me, this was also blocked by those using ProcessGuard and Software Restriction Policies.

    This was more than 4 years ago and was the beginning of the realization for some of us that all of these drive-by exploits so called have the same objective: to install a malware executable, which can be easily blocked by White List protection, negating the need to detect by a signature. Hence 0-day, 50-day - it is irrelevant.

    ----
    rich
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.