What is zero-day malware?

Zero-day malware is too new to be caught by most antivirus packages. We explain how to stay safe

Tuesday, 4 June, 2024

The term ‘zero-day malware’ has had various meanings over the years, none of which are particularly encouraging.

Originally, it was used to describe security flaws which were discovered in software before it was released, enabling proactive criminals to immediately exploit it upon launch.

The term was then co-opted to describe new viruses and malware which were yet to be recognised by antivirus packages, and therefore couldn’t be mitigated against.

Zero-day malware could also describe malicious code that targets newly discovered flaws in existing operating systems or applications, before the software creators can repair them.

In any of the above scenarios, the end result could involve malware slipping below the safety nets of the companies charged with identifying and negating malevolent code.

As a consumer, there’s not much you can do about the existence of zero-day malware – but various proactive steps could help to mitigate against falling victim to a zero-day attack…

Absolute zero

It’s a sad inevitability that most software platforms will contain weaknesses, or the potential for unforeseen consequences to occur in specific user scenarios.

These are known as vulnerabilities, and they’re typically resolved using a retrospective piece of software known as a patch, which bolts onto the original code.

The companies behind software programs, apps, firmware and operating systems routinely issue updates to their products.

However, in the constant battle between software developers and cybercriminals, the latter often identify flaws before the former.

This provides nefarious individuals with a window of opportunity – often less than a day – to develop exploit code targeting these vulnerabilities for criminal gain.

This exploit code is often resold on the Dark Web, by which point it’s typically known about by the agencies whose software it targets – meaning it’s no longer a zero-day threat.

A zero-day attack reduces the ability of antivirus software to respond, since their databases of known threats tend to be updated daily and might not recognise newly minted malware code.

Existing malware is usually identified by algorithmic analysis of previously identified source code, whereas new malware often has no shared DNA and therefore won’t be flagged as dangerous.

Previous zero-day attacks have targeted Chrome, Zoom, iOS and Word, as well as innumerable other programs, apps, firmware and utilities.

Staying safe online

As consumers, we tend to install antivirus software and assume its threat intelligence will protect us against malware.

Sadly, this is an illusion, with emerging threats like drive-by downloads and quishing on the rise both domestically and internationally.

Happily, there are various steps private individuals can take to mitigate the threat of zero-day malware.

Most importantly, enable automatic software updates on all web-enabled devices, providing your internet connection is faster than an 11Mbps ADSL line and won’t bog down other services.

The next step is to accept that yes, you really do need antivirus software, whether it’s self-installed or provided by a remote computer support service.

Avoid clicking on links in unsolicited emails (even ones supposedly relating to antivirus software), which could install phishing software or covertly compromise your webcam.

Try to avoid using insecure public WiFi networks, but if you must, direct web and email traffic through a VPN and avoid any URLs
that don’t have HTTPS enabled.

Finally, when logging into accounts, use two-factor authentication and accept the inconvenience of one-time passwords as a price worth paying to optimise device security.

Neil Cumins author picture


Neil is our resident tech expert. He's written guides on loads of broadband head-scratchers and is determined to solve all your technology problems!