0

Tech Brief:

An Inside View of a Zero-day Campaign

Abstract:

Discovering a new vulnerability in a popular piece of software is the Holy Grail for cybercriminals. The period between this vulnerability being weaponized into an exploit and becoming public knowledge poses a huge security risk to consumers and businesses. During this time, a completely open window of attack exists because even fully-patched systems are affected. This is a zero-day.

This paper details one such exposure using Malwarebytes’ unique view of zero-day threats as collected through its anti-exploit products. Because the anti-exploit products are deployed on a large user base that spans the globe, researchers were able to profile accurately a zero-day (CVE-2015-0313) that leverages Adobe Flash Player, and shine a light on the lifecycle, delivery mechanism, and criminal practices behind it.

Free download

Malwarebytes Endpoint Protection

Protects your endpoints with next-gen tech that out-thinks malware and traditional security.

Malwarebytes Incident Response

Centralized threat detection and remediation. Responding to incidents when seconds matter.