Zero Day: Virus, Exploits, Attacks and Vulnerabilities

Exploits, attacks, vulnerabilities—what it all means to you

A conceptual illustration of Zero Day exploits destroying a laptop computer.

 Theresa Chiechi / Lifewire

It sounds like a bad action movie title but Zero Day and a Zero Day computer virus are both incredibly real and more common than most people realize. A Zero Day virus could even strike you when you move to the next website a few minutes from now (although you might think your computer security is tighter than Fort Knox).

What Is Zero Day?

Computer security experts are constantly working worldwide to protect computer systems from vulnerabilities, exploits, and attacks. They can't find every potential weakness instantly, of course, but the day they do is momentous.

They call it Zero Day: The actual day a developer or security expert uncovers a flaw or a vulnerability in a computer program or network. It's the day that there is no patch yet for the problem and the program or network is at the highest risk of attacks by cybercriminals.

The days following Zero Day are the considered among the most dangerous because if cyber security experts have uncovered the flaw, so have hackers. And they, of course, are busy trying to take advantage of the problem before the fix is found and applied.

The longer a Zero Day vulnerability goes undetected, the more damage hackers can do. While some hackers seek to destroy computer data, others want your money in bitcoin ransom, and still others want your personal information for use in identity or other types of theft.

What Is a Zero Day Virus?

A Zero Day virus is one that computer security experts either don't yet know about or they have discovered a vulnerability but hackers have beaten them to the punch in terms of developing a way to exploit the vulnerability before a fix is found. The virus can be any kind of malware, really: A Trojan, a worm, a phishing email scam, spyware, etc.

What Is a Zero Day Vulnerability?

By definition, a vulnerability is a weakness. In terms of computers, a vulnerability is a weakness in the design, implementation, operation or internal control of a computer or computer network. Vulnerabilities are hunted down with the use of automated tools, customized scripts, and other relentless research by hackers. Once found, the game of cat-and-mouse begins, with hackers playing the role of cat.

Computers are not the only things impacted by Zero Day viruses. Smartphones are just as vulnerable, as are tablets, laptops and even wearable devices like smartwatches and fitness trackers. Any device that connects to the internet can be targeted.

What Is a Zero Day Exploit?

When a vulnerability is uncovered, hackers create a variety of programs designed to exploit the weakness in question. Perhaps there is a backdoor in a computer system that secretly allows an employee to bypass an authentication procedure. Or maybe a program has a bug in it that allows a hacker to add destructive code to it. Maybe an insider takes advantage of his role in a company to plant a virus. Whatever the scenario, hackers are hard at work finding a way to take advantage of the vulnerability to get to whatever end result they desire.

What Is a Zero Day Attack?

Zero Day attacks can occur in many, many different ways. Some are large-scale, such as the 2016 denial-of-service attack on Dyn, a domain name system provider, and designed to take down corporations that serve large numbers of computer users. The attack on Dyn, for example, took down major websites and services including Amazon, AirBNB, Netflix, Spotify, Visa, and more. Other Zero Day attacks are much smaller: You might see one in your own email inbox when you open your next phishing email or become a victim of spoofing when you click a link and wind up on a fake website.

How Do I Know If I Have a Zero Day Virus?

You won't until you hear about a new virus on the news or your antivirus or another program suddenly alerts you to update your software. Remember, these viruses can come from anywhere at any time. Given enough time, a software developer can work out the severity, fix the code, and create a patch which is released as an update for the impacted software. They'll issue the update as soon as they have it in an effort to thwart cyber thieves.

It's most likely at that point that you will have any clue there is a problem, unless the attack has brought down computer networks on a large enough scale for the media to discuss it.

How Do I Get a Zero Day Virus?

A Zero Day is simply the term used to describe the first day a vulnerability of some kind is discovered by cyber security experts. You could contract a related virus before experts even know about it in software you download, an email you open, a pop up ad or some link you click on a website; the list goes on and on. There is no way to completely protect yourself since no one knows where the next Zero Day attack will come from. There are different things you can do, however, to limit your exposure to the next Zero Day threat.

How Can I Avoid Getting a Zero Day Virus?

Your best defense against any Zero Day threat is to install and regularly update a strong antivirus and malware protection program. Free programs are useful to some degree but it's often worth the expense to open your pocketbook and purchase a pro or extended version from a reliable antivirus provider.

Some programs work well in Windows, others work best on Macs, iOS or Android, and still others can work across many platforms. Here are some tips to help you:

  • Android: Because you use your phone for everything from calls to surfing the internet, your Android antivirus app should block against malware, viruses, suspicious websites and more.
  • iPhone: Your phone is basically a mobile computer, so the best antivirus for iPhone or other iOS devices should keep it protected from malware designed to phish your personal information as well as attempts to access your private data.
  • Windows: The best antivirus for Windows offers comprehensive protection without much system overhead.
  • Mac: Yes, even Macs can be attacked by Zero Day threats. Your best options can identify and remove all types of malware, including adware, spyware, ransomware, and more.

A proactive approach to computer security in general is the best way to combat any kind of threat, including Zero Day.