As some vendors have expressed their definition of "Zero Day" exploits
ranging from malware, viruses that anti-virus software is not up to date
to weak policy practices or unapplied patches. MyDoom and Netsky
viruses are just one example of Zero Day Virus attacks, but in those
type of causes there is a trend before it hit an enterprise environment.
If you take the meaning of "zero-day" literally, then any new malicious
code could be considered "zero-day". But because every new malicious code
is "zero-day" by its very nature, it is usually inferred, and not even
taken into consideration. The discussion of "zero-day" threats (a term
mind you that is not new by any means, regardless of the latest hype from
security vendors) traditionally been limited to vulnerabilities, but has
now pretty much become a free-for-all, much like IPS.
I've seen vendors call CodeRed and Slammer zero-day threats. If you
disect that logic, then you come up with the following:
- the vulnerabilities in each case were known for weeks (or 1/2 year in
the case of Slammer), so they weren't zero-day
- the worm itself was new, but so is every past and future worm
So in essence the term has really become meaningless when used in that
context,
- Oliver
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
--------------------------------------------------------------------------
