9 comments

[ 3.4 ms ] story [ 26.5 ms ] thread
AVG stopped me from extracting that file. Phew!
Can't gauge if this comment is sarcastic or not..
I share the sentiment. Some time ago I was investigating some nasties that were spreading via web (Firefox plugins exploits) and I had to switch off the antivirus just to be able to view the content of the text file.
Yeah, that's pretty much what I meant. No sarcasm. I have 50+ PCs with AVG Network Edition. So I was glad to see that AVG had already put this exploit on the block list.
I thought the term 0-day was meant to indicate a exploit conceived of and executed before even a full day had passed from the release of the software being attacked. It seemed to come from the game/software cracking scene where the sooner you crack it the more credential you get. It seems to be getting used to mean "new" or "previously unknown to anti-virus writers" or something relatively mundane. Certainly nothing to do with a "0th day" anything, unless I missed something in the link.
In hacking circles I believe it means an exploit for a bug that a patch does not currently exist for, or maybe the bug isn't even publicly known.
I thought so too.

I did wonder if it's being labelled as 0day because a different patch was released yesterday (but surely that would only work if the patch was directly related to the latest exploit?)

Of course, I could just be over-analysing.

"A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities."

"The term zero-day can also be used to describe warez-group releases of pirated software on or before the release of the software."

http://en.wikipedia.org/wiki/Zero-Day_Attack

I think "zero-day attack/exploit" is basically a euphemism for "oh shit, didn't see that one coming"