Zero-day threats are all over the news when they are discovered, but what are they exactly? In short, zero-day threats are vulnerabilities in software that are being actively exploited in the wild before the developers have a fix for them. In other words, the developer has had zero days to prepare for the exploit. One of the latest vulnerabilities of this nature targets Internet Explorer, and thankfully, there is now a patch for it.
This threat, dubbed the Double Kill Internet Explorer vulnerability, was found by Chinese developers from a computer security company called Qihoo 360 Core Security. While they have been reluctant to provide specifics about what this bug does, that is no reason to let up on watching for warning signs. Granted, looking for warning signs is considerably harder when you don’t know how to identify or address them, but it never hurts to err on the side of caution.
This zero-day threat spreads through Word documents, which leverage a flaw in the Windows VBScript engine to install a backdoor on the victim’s device. Basically, when the Word document is opened, Internet Explorer also opens in the background and triggers the download of an executable file. That file installs the Trojan horse malware without giving the user any reason to suspect it exists. The attacker can then access the device at their leisure.
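The chain described above (a Word document opens Internet Explorer in the background, which then pulls down and runs an executable) is exactly the kind of parent/child process relationship a defender can look for in endpoint telemetry. The following is an added example written for this page, not code from Succurri, Qihoo 360, or Microsoft. It assumes a simple process-creation event schema (pid, parent pid, image name, full path) and constructed sample events; the executable names winword.exe and iexplore.exe and the "user-writable path" markers are assumptions about what such telemetry would show, since the article itself names only Word and Internet Explorer.

```python
"""Process-tree heuristic for the Word -> Internet Explorer -> dropped executable
chain described in the article. Added example; event schema and sample data
are constructed for illustration, not taken from a real incident."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumption: Office hosts and the browser image we care about, by base name.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
BROWSER_IMAGES = {"iexplore.exe"}
# Assumption: path fragments that indicate a user-writable drop location.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\")


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str  # lowercase base name of the executable
    path: str   # full path the executable ran from


def build_tree(events: List[ProcessEvent]) -> Dict[int, ProcessEvent]:
    """Index events by pid so parents can be looked up in O(1)."""
    return {e.pid: e for e in events}


def ancestors(pid: int, tree: Dict[int, ProcessEvent]) -> List[ProcessEvent]:
    """Return the parent chain of pid, nearest parent first, guarding against cycles."""
    chain: List[ProcessEvent] = []
    seen = {pid}
    cur = tree.get(pid)
    while cur is not None:
        parent = tree.get(cur.ppid)
        if parent is None or parent.pid in seen:
            break
        seen.add(parent.pid)
        chain.append(parent)
        cur = parent
    return chain


def in_user_writable_location(path: str) -> bool:
    normalized = path.lower().replace("/", "\\")
    return any(marker in normalized for marker in USER_WRITABLE_MARKERS)


def detect(events: List[ProcessEvent]) -> List[Tuple[str, int]]:
    """Return (rule_name, pid) findings for the two stages of the described chain."""
    tree = build_tree(events)
    findings: List[Tuple[str, int]] = []
    for e in events:
        parents = ancestors(e.pid, tree)
        # Stage 1: a browser running under an Office host (directly or via a broker).
        if e.image in BROWSER_IMAGES and any(p.image in OFFICE_IMAGES for p in parents):
            findings.append(("office_spawned_browser", e.pid))
        # Stage 2: something ran from a user-writable path under a browser that
        # itself descends from an Office host (the downloaded executable).
        for browser in (p for p in parents if p.image in BROWSER_IMAGES):
            if in_user_writable_location(e.path) and any(
                a.image in OFFICE_IMAGES for a in ancestors(browser.pid, tree)
            ):
                findings.append(("browser_ran_executable_from_user_path", e.pid))
                break
    return findings


# Constructed sample telemetry: one malicious chain (200 -> 300 -> 400) and one
# benign browser session started by the user from the desktop (500 -> 600).
SAMPLE_EVENTS = [
    ProcessEvent(100, 1, "explorer.exe", "C:\\Windows\\explorer.exe"),
    ProcessEvent(200, 100, "winword.exe", "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"),
    ProcessEvent(300, 200, "iexplore.exe", "C:\\Program Files\\Internet Explorer\\iexplore.exe"),
    ProcessEvent(400, 300, "update.exe", "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe"),
    ProcessEvent(500, 100, "iexplore.exe", "C:\\Program Files\\Internet Explorer\\iexplore.exe"),
    ProcessEvent(600, 500, "notepad.exe", "C:\\Windows\\System32\\notepad.exe"),
]

if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

On the sample data only the Word-rooted chain is flagged: pid 300 for the browser running under Word, and pid 400 for the executable launched from the user's Temp directory beneath it. The benign session (a user launching Internet Explorer and Notepad from the desktop) produces nothing. Treat the rules as a starting point rather than a verdict: a user clicking a legitimate hyperlink inside a document can also cause Office to start a browser, so the first rule alone is noisy and the second, which requires the downloaded executable stage, is the stronger signal.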
Knowing what the threat is makes it easier to combat, but we still don’t necessarily know much about it for sure. For example, it’s not clear if all Word documents are affected, or if the threat uses Microsoft Office itself to infiltrate. It’s not even clear what role Internet Explorer has in the attack, or if the documents can be identified before the attack has taken place. Either way, it’s difficult at best to identify zero-day threats, so it’s critical that you keep security best practices in mind to prevent them from becoming major issues.
To get started on improving your security, you need to understand the basics. For starters, you should never download a file from an unknown source. If you receive suspicious emails that claim to carry resumes, receipts, or other documents, treat them with suspicion. You can’t always tell in advance which messages or files are dangerous while conducting business, so you can never be too careful or cautious. Enterprise-level security solutions provide an extra layer of protection.
If your organization needs security solutions, Succurri can help. To learn more, reach out to us at (480) 795-2181.