| |
An exploit is a piece of malware code that takes advantage of a newly-announced or otherwise unpatched vulnerability in a software application, usually the operating system, a web browser or a program that routinely activates through a web browser (PDF reader, media player, or other plug-in). A zero-day exploit is an exploit that takes advantage of a vulnerability on the same day that the vulnerability is announced. Exploits usually get onto users machines by means of a drive-by download – the user has no idea that a download has even taken place.
Exploits frequently take the form of crimeware, a relatively new type of malware whose primary purpose is to extort money or other assets with a portable value from computer users to the benefit of a third-party. As such, they are most valuable to their purveyors during the risk window, the time period between the announcement of a vulnerability and the provision of a fix by the vendor. However, exploits usually continue to be distributed after the fix has been issued because not all machines get patched in a timely fashion, if at all. Considering that risk windows average 56 days in length, it's easy to see how some machines might remain vulnerable for many months, even years.
|
Cart
