New Technology Market: Zero-day Exploit

The World Wide Web has triggered the organization of hackers, criminals, internal threats, politics, social behavior groups and anonymous groups to evoke anxiety about the individual, the private sector, and the public sector. Participants of these threats can exploit malware, rootkits, spam, botnets, and other threat pathways. The task of IT and system administrators is to test the existing security updates and software fixes on the existing systems of the organization, apply patches and install them. However, if you try to mitigate security vulnerabilities, this task may conflict with time.

A zero day (or zero hour or zero day) attack, threat or virus is a threat of a computer trying to exploit vulnerabilities in computer applications that other people or software developers do not know and is also referred to as zero-day vulnerability. Before the target software developer understands this vulnerability, an attacker uses or shares a zero-day vulnerability (the actual software that attacks using security vulnerabilities). Universal file compression format for PC or compatible machine, WinZip or Winrar utility for compressing and decompressing files. Compressed files usually end with a ".zip" file extension. The special compressed file is self-extracting type and ends with the extension ".exe". Macintosh OSX also supports. Zip format and has tools for compressing and decompressing zip files.

Vulnerability attacks are an important tool for an attacker to attempt to compromise a computer or web server. Zero-day vulnerability is an attacker's holy grail, it is an unknown vulnerability that has not been patched by software vendors. With the rapid growth of the new zero day market, an attacker is willing to pay a large amount of money against serious vulnerabilities of commonly used software. Many software vendors are attempting counterattacks by paying "bonus prize" to researchers who discovered the vulnerability of their products.

Why is Stuxnet so bad? Well, the first thing about this attack is the new unknown attack method Stuxnet uses (the so-called "zero day Windows attack"). Attackers highly appreciate these attacks and rarely waste multiple zero day attacks in a single attack. There are four Stuxnet. Second, it loads the (driver) software into the core of the victim system. The Windows operating system is really paying much attention to loading the software to its highest privilege level - the only way to do this is to ensure that the code is signed by a trusted vendor It is that. The digital certificate used for this purpose is usually a strictly secured secret, but Stuxnet uses two corrupted digital certificates to perform this operation.