WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. By “zero-day” threats, we mean those that have been discovered by hackers before an official patch has been released by the developers, leaving the developers exactly zero days before the flaws are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened, Internet Explorer is launched in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs Trojan horse malware on the user’s device, which creates a backdoor into the system.
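The behavior described above (a Word document is opened, Internet Explorer starts in the background, an executable lands on disk) is something defenders can look for in endpoint process and file telemetry. The following Python is an added example, not code from the original article; the event layout, process IDs, paths and extension list are constructed assumptions, with event ids loosely modelled on Sysmon's process-create and file-create events.

```python
import ntpath  # parses Windows-style paths on any OS

OFFICE = {"winword.exe"}             # document host named in the article
BROWSER = {"iexplore.exe"}           # Internet Explorer
EXEC_EXT = {".exe", ".dll", ".scr"}  # assumption: extensions treated as executable

# Constructed sample events, not from a real incident.
# "id" 1 = process create, 11 = file create; all paths are made up.
EVENTS = [
    {"id": 1, "pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"id": 1, "pid": 300, "ppid": 200, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"id": 1, "pid": 310, "ppid": 300, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"id": 11, "pid": 310, "target": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"id": 1, "pid": 400, "ppid": 100, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"id": 11, "pid": 400, "target": r"C:\Users\alice\Downloads\setup.exe"},
    {"id": 11, "pid": 200, "target": r"C:\Users\alice\Documents\report.docx"},
]


def image_name(path):
    return ntpath.basename(path).lower()


def browser_started_by_office(procs, pid):
    """Walk up through browser processes; True if the chain starts under Office."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        ppid, image = procs[pid]
        if image not in BROWSER:
            return False
        if procs.get(ppid, (None, ""))[1] in OFFICE:
            return True
        pid = ppid  # IE spawns child iexplore.exe processes, so keep climbing
    return False


def detect(events):
    """Return file-create events where an Office-launched browser wrote an executable."""
    procs, alerts = {}, []  # pid -> (ppid, image); PIDs get reused, so real data should key on a process GUID
    for ev in events:
        if ev["id"] == 1:
            procs[ev["pid"]] = (ev["ppid"], image_name(ev["image"]))
        elif ev["id"] == 11:
            ext = ntpath.splitext(ev["target"])[1].lower()
            if ext in EXEC_EXT and browser_started_by_office(procs, ev["pid"]):
                alerts.append({"pid": ev["pid"], "target": ev["target"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ALERT: Office-launched browser wrote an executable:", alert)
```

A browser the user started from the desktop that saves a download (pid 400 in the sample) is deliberately not flagged; only the browser chain rooted under Word is.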

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to Haber Group at 866.625.3560.
