A zero day virus is part of a series of attacks called ‘zero day threats’. These are attacks that seek to exploit vulnerabilities in software that has yet to be found or patched. As well as zero day viruses, there is zero day malware. The phenomenon is sometimes also referred to as zero day exploits.
As you can imagine, modern software is complicated and may contain many millions of lines of code. As hard as they may try, weaknesses in that code will make it past even the most rigorous QA testing and into the real world. Any attack that uses a weakness not known to the public or found by the programmers at release is called zero day because they have had zero days to protect against it.
It might help to know how virus scanners and malware checkers work to put this into context.
How virus scanners work
Every computer that connects to the internet should have some form of virus and malware scanning software. It scans every file you open for threats and will run scheduled scans on every file on your hard drive to see if it can find any viruses or malware.
To do this it uses two techniques, signature analysis and heuristics.
Signature analysis uses ‘virus definitions’ to identify malicious code. It uses a signature provided by the company who run the antivirus software and is essentially a snapshot of what a particular virus code looks like. The scanner has many of these signatures and will compare every file on your computer to one of these to see if it is a virus or not.
It is a very effective way of identifying malicious code but has one fatal flaw. It depends entirely on the virus being known. This means a security company must already have found it, identified it and shared the signature. Your software must then have downloaded the latest signature and be using it. Zero day attacks usually occur before these signatures can be produced.
Heuristics, or heuristic-based detection, is where the antivirus scanner will look for activity that looks like a virus. It looks at behavior, patterns in code and activity that isn’t typical of the file type to identify malicious code. Your antivirus software watches everything that goes on within the device and will stop any program or code that it thinks is suspicious or that looks like it is doing something it shouldn’t.
To be effective, your security software should be configured to always be running, to scan files in the background and to update itself regularly. Good quality security software will install with these settings as default. It is vital that you do not mess with these settings unless you really know what you’re doing.
Zero day virus
A computer virus is regarded as malicious code that attaches itself to another program. Once activated it will replicate itself and perform whatever action it was programmed to perform. This could be to overwrite files, delete them, propagate itself to other connected devices or something else.
Viruses are incredibly common and there are millions of different types of virus. Just like a biological virus, computer viruses can be mutated to do different things. Unlike a biological virus, it does not usually mutate itself but has to be mutated by someone.
Zero day malware
Zero day malware refers to malicious code that has been written to exploit as yet unknown (to users and programmers at least) vulnerabilities. Malware is spread in a variety of ways including drive-by attacks on infected websites, spam email, infected email attachments, phishing, infected ads and other vectors.
Malware is designed to perform a range of tasks from hijacking your device (ransomware), stealing your personal information, creating a botnet or joining one.
Zero day worms
Worms are self-contained programs that can find their own way onto your computer and perform actions without any activation. They can then delete files, spread across a network, copy logins and passwords and a range of other activities. Zero day worms, like the other zero day threats are those that have yet to be identified and mitigated against by security software providers.
Zero day Trojans
Zero day Trojans are more rare but are still a threat. Named after the famous Trojan horse that allowed Greek soldiers to hide inside to sack Troy, computer Trojans allow another person to access your device to wreak havoc or harvest your personal data.
How to protect yourself from zero day threats
So you now know that by their very nature, zero day viruses and malware are largely unknown to your antivirus software. It depends entirely on heuristics to see it the code is acting suspiciously or not and then do something about it. As you can imagine, this is an inexact science. So aside from using good antivirus software and a malware scanner, is there anything you can do to protect yourself from such threats?
Software patches are pieces of code written by vendors that plug vulnerabilities and fix bugs. Allowing all of your programs to automatically update will go a long way to minimizing the potential for exploits. This is especially true for operating systems. Whether you use Windows or OS X, you need to allow automatic updating to help protect your device.
Good internet hygiene
The internet is a wonderful resource but it is also a bit like the Wild West and some corners of it you just don’t want to go. Always keep your browsers up to date, allow your antivirus software to integrate with it and be careful where you go. Never click on email links from people you do not know and never download files unless you trust the provider.
Always use a firewall
A firewall works separately to your antivirus and watches all internet traffic into and out of your device. It scans traffic and can pick up anything strange and alert you to it. This is useful in preventing zero day threats ‘phoning home’ to report a successful infection or broadcasting your files or data back to their creator.
On its own a firewall is not very effective at preventing zero day threats. Used in conjunction with a good quality antivirus and malware scanner and it can strengthen your defenses significantly.