Discovering a new vulnerability in a popular piece of software is the Holy Grail for cybercriminals. The period between this vulnerability being weaponized into an exploit and becoming public knowledge poses a huge security risk to consumers and businesses. During this time, a completely open window of attack exists because even fully-patched systems are affected. This is a zero-day.
This paper details one such exposure using Malwarebytes’ unique view of zero-day threats as collected through its anti-exploit products. Because the anti-exploit products are deployed on a large user base that spans the globe, researchers were able to profile accurately a zero-day (CVE-2015-0313) that leverages Adobe Flash Player, and shine a light on the lifecycle, delivery mechanism, and criminal practices behind it.