{"id":1651,"date":"2017-04-25T13:21:58","date_gmt":"2017-04-25T13:21:58","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=1651"},"modified":"2020-10-05T13:50:04","modified_gmt":"2020-10-05T08:20:04","slug":"most-present-day-malware-attacks-exploit-zero-day-vulnerabilities","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/most-present-day-malware-attacks-exploit-zero-day-vulnerabilities\/","title":{"rendered":"Most Present-Day Malware Attacks Exploit Zero-Day Vulnerabilities"},"content":{"rendered":"

A significant number of today’s malware attacks are through zero-day exploits. The reason \u2013 many enterprises do not have the resources to identify zero-day exploit attacks. Relying on their legacy antivirus solution<\/em> for their system security program, many do believe that they are safe. However, this is far from reality. Legacy antivirus solutions provide cyber security<\/a> that is effective only against known malware and viruses. The definitions of the known malware are maintained as a blacklist, and files or applications are checked against these lists. And if they exist, the detected malware is blocked. All other files\/applications are considered safe and allowed to execute.<\/p>\n

When a computer system\/device gets infected, AV scans that are made to run on the system will successfully detect and perform virus removal<\/a>. This has been considered to be effective for many decades. But no more.<\/p>\n

Studies have revealed that more than a third of present-day malware attacks are zero-day exploits. These zero-day exploits have been defined as attacks through “unknown files”- files that have not existed before and have not been detected and listed by virus databases as malware.<\/p>\n

Many malicious entities have been exploiting zero-day vulnerabilities<\/strong><\/a> as it is a logical way of unleashing an attack. Initiating an attack through zero-day exploit, then spreading the attack and infecting numerous other systems is the way typical attacks take place.<\/p>\n

Cybersecurity reports<\/a> reveal that attackers are still initiating spear-phishing attacks through malicious macros, and quite a number of users seem to fall victim. The spearphishing attacks have also evolved with more sophisticated emails that are as good as an authentic email. These mails with malicious attachments are able to evade most system security programs<\/a>, as users trust these files.<\/p>\n

Attacks involving PHP web shells are also prominent, however, they are a bit more sophisticated nowadays. Cyber criminals \u2013 hackers, hacker groups and nation-state attackers use these modified and enhanced versions of these shells as backdoors to control webservers.
\nAttackers are using malicious JavaScript for attacks over the web and through emails. They are also targeting web browsers and focusing on bypassing system security programs<\/strong> of banks and financial institutions.
\nEarlier, cyber criminals were primarily targeting Windows-based systems, but now they are widely targeting Mac OS and Linux-based systems. With the evolvement and increased adoption of IoT devices, attackers are targeting and successfully gaining control over vulnerable devices. These devices are recruited as part of botnets that are used for Distributed Denial of Service (DDoS) attacks.<\/p>\n