During the past seven years at McAfee Avert Labs, I’ve had the opportunity to fill several roles. More recently I’ve stepped away from day-to-day threat processing and focused on mid- and long-term threat intelligence. Namely, this includes threat forecasting: gathering and analyzing threat trends and upcoming influential factors to forecast what may lie ahead. The resulting data is being used by customers to help them plan for the future, invest more wisely, and mitigate risk. The information also helps drive and shape McAfee product offerings.
One of the areas that I’ve spent some time analyzing is that of the zero-day threat. The first step when considering a threat is to define it. Over the years, the term zero day has been used for a number of things; from vulnerabilities and exploits, to viruses, Trojans, and even spam and phish. I define a zero-day threat as follows:
The public availability of exploit information on the same day that a vulnerability is publicly disclosed.
Exploit information does not necessarily mean a working exploit, or even proof-of-concept code, but at a minimum it means that enough technical details are available for someone to find the vulnerability on their own and create a working exploit.
This definition excludes a number of things that some would not like to exclude:
The two recent Yahoo Messenger vulnerabilities were an interesting case. Ryan Naraine’s blog has a good write-up. eEye published an “Upcoming Advisory” after discovering the vulnerabilities and reporting them to the vendor. A Yahoo spokesperson inadvertently spilled the beans and gave additional details that were not public. While I wouldn’t say that those details were sufficient to call these zero-day threats at that point, they were enough for a researcher to find the vulnerability within an hour, give or take. The results of that research, proof-of-concept exploit code posted to the Full Disclosure mailing list, were zero-day threats. Shortly thereafter, other exploit code was posted to the Web, and attacks were discovered in the field. In the end it didn’t much matter what the zero-day timestamp was for this threat: Yahoo users were put at risk, and certainly attacked. Yahoo did manage to turn around a patch in an amazing 48 hours, but surely there are many thousands of users who have yet to apply the patch.
There’s much more to cover on the topic of zero-day threats. Stay tuned for part 2 of this series.
– Update June 14 –
Part 2 has been posted: Zero-Day Threats, Part 2: Who’s Behind Them and Why?