Zero-day attacks are meaner, more rampant than we ever thought
ArsTechnica
Computer attacks that target undisclosed vulnerabilities are more
common and last longer than many security researchers previously
thought. The finding comes from a new study that tracked the number and
duration of so-called zero-day exploits over three years.
The typical zero-day attack, by definition, exploits software flaws
before they are publicly disclosed. It lasts on average 312 days, with
some lasting as long as two and a half years, according to the study by
researchers from antivirus provider Symantec. Of the 18 zero-day attacks
the researchers found between 2008 and 2011, 11 had previously gone
undetected. Recent revelations that the Stuxnet malware that sabotaged Iranian nuclear facilities relied on five zero days
already underscored the threat posed by such attacks. But the
researchers said their findings suggest the menace may be even greater.
"Zero-day attacks are difficult to prevent because they exploit
unknown vulnerabilities, for which there are no patches and no
anti-virus or intrusion-detection signatures," they wrote. "It seems
that, as long as software will have bugs and the development of exploits
for new vulnerabilities will be a profitable activity, we will be
exposed to zero-day attacks. In fact, 60 percent of the zero-day
vulnerabilities we identify in our study were not known before, which
suggests that there are many more zero-day attacks than previously
thought—perhaps more than twice as many."
Researchers Leyla Bilge and Tudor Dumitras conducted a systematic study
that analyzed executable files collected from 11 million computers
around the world from February 2008 to March 2012. Three of the zero-day
exploits they found were disclosed in 2008, seven were disclosed in
2009, six were disclosed in 2010, and two were disclosed in 2011. (The
binary reputation data the researchers relied on prevented them from
identifying attacks in 2012.) An attack on many versions of Microsoft Windows, which appears to have gone undetected as a zero day until now, had the shortest duration: just 19 days. An exploit of a separate security bug in the Windows shell had the longest duration: 30 months.
Full story on the ArsTechnica site