What is it?
A zero-day virus is a computer virus that can either be a slight mutation of a previously seen virus or completely new. Therefore, the defining characteristic of a zero-day is simply that it is new. It has purposely been changed in order to be able to avoid detection from antivirus programs. They are designed to exploit your systems vulnerabilities and takes advantage of the fact that even the largest antivirus protection may have no current solution to defend against these mutated viruses. By attacking these vulnerabilities, the malware is able to sneak in and perform actions on your system that otherwise would not be permitted.
Most antivirus programs use signatures to search your computer for malicious programs and attachments. But a zero-day virus is good at hiding itself from being caught – It flies under the radar and does not send off a known signal. Antivirus software blocks against signatures that it has seen before. Each virus has a unique known signature, so when a zero-day virus changes it ever so slightly, it is able to slip through the cracks and send malicious content to you. While most programs develop a patch to fix the problem after the attack has occurred, that doesn’t protect against future vulnerabilities once the signature of the virus mutates yet again. Wouldn’t you want to stop the zero-day virus before it does any damage to your private and sensitive data?
How it attacks
One of the most common ways to infect a computer is to create a malicious email attachment. Most of the time, these attachments look completely legitimate. For example – say Fidelity Investments is your financial advisor. Most likely, you have their name, address, and personal advisor’s details in your contact list. If you were to receive an email that looked like this, would you open it?
It’s from a trustworthy name, it’s on letterhead, and there are no spelling mistakes. Though this information looks familiar to you, it’s a trap. For example, we took this attachment at the time it was caught using Virus Total and out of 57 scanners (now there are 58), only four caught it.
It was able to fool Malwarebytes, MacAfee, AVG, and even Microsoft – and this zero-day virus was sent through Microsoft’s own Exchange servers!
By running this same file through Securence, the virus was caught. That is due to the fact that while many of the best antivirus software search for recurring signatures, Securence adds another layer of protection by using predictive blocking. Though we had never seen this specific virus, we are able to catch it because the virus used a pattern similar to what we had seen before.
Ensure you have the best protection
Of course, antivirus software is not without value. Some protection is better than none. However, zero-day viruses are specifically designed to circumvent the best names in antivirus, so for full protection, it is important to add extra layers where they are needed.
Instead of looking for just the “static” pattern that are typical for certain viruses, Securence looks for “fluid behavior patterns.” By looking for these flexible behavioral patterns for things that tend to exist but have never truly been seen before, we can predict how the virus may mutate in the future. This allows our program to be proactive and agile so we can stay ahead of hackers that want your personal information.
You, your company, and your clients deserve the best possible protection against zero-day viruses. Our solutions are affordable, complete, and incredibly agile. They also protect you from every angle including inbound and outbound email filtering, first-in-class encryption, secure email archiving, email shadowing, and more. Rather than providing retroactive fixes once a zero-day virus attacks, we focus our R&D on stopping the virus before your data is accessed. Only 7 percent of the top antivirus scanners caught this Fidelity virus the day it was released and Securence was one of them.