What is zero-day malware?
Published 08/08/2016 | 02:30
Zero-day malware exploits a previously unknown vulnerability and uses it to attack software.
The software vulnerability can be used by hackers to attack computer programmes and adversely affect their data and networks.
The term 'zero-day' refers to the amount of time the software's author has to mitigate the damage caused by the malware.
Such attacks are treated as 'severe threats' and can occur in a vulnerability window - the time between the moment a threat is released and the development of protection against the virus, known as a patch.
The vulnerability window could range from a short period to multiple years. For instance, in 2008, Microsoft revealed an Internet Explorer vulnerability that affected a few versions of Windows released during 2001.
Given that the attacks are generally unknown to the public it is often very difficult to defend against them, increasing their threat level and potential to cause serious disruption.
Zero-day threats have previously been discovered by major companies including Adobe and Microsoft.
In June, Adobe issued a security advisory, warning of un-patched critical security holes in its popular flash-player software.
Just a month before that, Microsoft issued a statement warning of a zero-day threat for people using Microsoft Word.
Patches to deal with threats are included in monthly security updates, but these can also be rushed out in between regular updates to deal with severe threats.