Zero Day Exploit

A zero-day exploit is a type of computer attack that exploits a software vulnerability before that vulnerability is known to the public or the software's developer. Zero-day exploits are very valuable to hackers and cybercriminals because they are unknown — all systems running the affected software are vulnerable, so the attack is likely to succeed. The term "zero-day" refers to the idea that the developer has had zero days between learning of the vulnerability and the attack occurring.

After hackers discover a new vulnerability, they create a virus or piece of malware to exploit it. The exact methods depend on the nature of the security hole — some exploits can attack a vulnerable web browser when it loads a specific webpage, while others require a social engineering attack to trick someone into installing a trojan horse on a vulnerable computer. Once a hacker has access to a system, they can install additional malware, steal valuable data, or disrupt a service that the system provides. Since the exploit is unknown to its victims, a hacker who can cover their tracks can often maintain this unauthorized access for some time completely undetected.

Software developers can only issue a hotfix to patch a security hole after the zero-day exploit is publicly known. Antivirus software definitions will also only be updated to catch exploits after they've been revealed. It's wise to maintain frequent data backups in case a zero-day exploit is used to attack your computer and modify or delete your data, and to make sure that you regularly install security patches as they are issued to close security holes as soon as possible.