Zero-Day Attacks on the March
Zero-day attacks are on the rise. According to Dan Blum, senior vice president and research director at Burton Group, "With more targeted attacks and better attack construction tools, there is much more 'zero day' malware in the wild." One reason for this increase is that malware creation is evolving from the byproduct of a wayward hobby into a dangerous tool now used by organized crime.
Examples of zero-day attacks seen within just the past 12 months include:
Early last year, a zero-day vulnerability was discovered in Apple Computer's Mac OS X. A flaw in the way the operating system handled certain metadata opened the door to automatically installing malicious code through a bad Web site or email. It took Apple three attempts to patch the flaw.
In May, a criminal group began exploiting a Microsoft Word vulnerability. Users were being tricked into opening rigged documents that installed a Trojan horse, which then allowed the criminals to capture sensitive information, including banking and financial data. Advanced features of this Trojan horse masked it from anti-virus scanners.
In October, a flaw in Microsoft Internet Explorer was being used in targeted zero-day attacks. Spyware was being loaded onto the PCs of anyone visiting the Web sites of affected companies.
In December, Microsoft issued a security advisory stating that a second zero-day vulnerability in Microsoft Word was being exploited. Criminals were selectively targeting corporations with deceitful emails designed to install a Trojan horse for compromising private information.
Between December 2006 and February 2007, four zero-day attacks were confirmed against the Microsoft Office desktop productivity suite, with the latest using unsolicited Microsoft Excel files to launch the attack. Microsoft said users of other Office applications (Word, PowerPoint, Outlook, Access, etc.) are potentially at risk.
Protecting Endpoints from Zero-Day Malware
In the case of the latest zero-day exploit of Excel, Microsoft is advising users to download and install one of several Office service packs. There's one for each currently supported version of Office. Sounds simple enough. But for the corporate IT manager, how exactly do you push the correct service packs to each and every one of your end users in a somewhat uniform and timely manner?
Zero-Day Updates with iPass Device Management
Using Device Management from iPass, IT can group like machines and create a custom package for each group containing the correct Office service pack. IT can then schedule the automatic delivery and installation of those packages on each affected remote and mobile system the next time they touch the Internet. Using this service, the IT department can also actively monitor the compliance status of their enterprise user base.
Everyday Updates with Device Management
Device Management is also a great way to automate routine software distribution and updates to nomadic systems. Available as enterprise software or an iPass-hosted service, Device Management streamlines and automates patch management for Microsoft Windows operating system and anti-virus updates. It uses Shavlik Technologies' HFNetChk engine to automatically assess end-user systems for new vulnerabilities and deploy Microsoft patches in record time.
Try iPass Device Management on Us
For a limited time, you can experience the power of iPass Device Management first-hand at no cost or obligation. Whether you are trying to protect endpoint devices from zero-day attacks, simplify Patch Tuesday or just automate remote and mobile software distribution, don't miss out on this free evaluation offer.
Learn about the qualification details for this free evaluation here.
"Significant Changes Ahead for 2007 Anti-Malware Market," Burton Group Press Release, December 12, 2006.
The term "zero day" is derived from the timing of the associated attacks. These attacks are designed to take place within a relatively short amount of time, usually less than one day. Hence the term "zero day." Zero-day attacks take the form of viruses, Trojan horses and worms.
Since the attacks are so quick and there is so little time to react, traditional anti-virus tools are ineffective against this type of crime, as they rely on signature-based detection to find and eradicate malware. What's worse, because the criminals have such a small window of opportunity, they are sure to carefully orchestrate the attacks to do the maximum amount of damage in the shortest amount of time. By the time a company realizes it's under attack, it's over and the damage is already done.