ID: IRCNE2012101651
Date: 2012-10-21
According to "scmagazine", a new report shows that zero-day attacks are more prevalent than previously thought and persist longer than expected before being detected – in some cases for more than 300 days.
Security firm Symantec published the findings, which showed that the typical zero-day attack, an exploit for a vulnerability for which there is no patch available, lasted about 10 months on average before being discovered.
Through data retrieved from some 11 million computers running Symantec anti-virus software, researchers studied 18 zero-day cases that occurred between 2008 and 2010. They found that the majority of these attacks, 11, involved vulnerabilities that had never before been publicly known.
The authors of the report – Leyla Bilge and Tudor Dumitras, senior research engineers at Symantec Research Labs – said that while zero-day attacks are not major threats to most users, they are serious for the organizations being targeted.
“It seems that as long as software will have bugs and the development of exploits for new vulnerabilities will be a profitable activity, we will be exposed to zero-day attacks," the report said.
- 2