February 04, 2006
Zero day for you?
The term zero-day is pretty common, and is used to mean an attack that is happening before anyone in the security community knows about it. It is commonly applied to worms and viruses, where a zero-day worm is one that has no "signature".
With the recent Nyxem worm, Sana's SafeConnect detected it without signatures. By the time we had analyzed it, only one other anti-virus company had a signature for the sample that we had. Within the next 4 days, the other 22-odd anti-virus products that we test against duly added signatures for the worm.
The customers of the last product to get a signature would then have had a "zero-day" attack possibly proceeding for 4 days!
