WARNING: A New Zero-Day Threat is On the Loose

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened up, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs a Trojan horse malware on the user’s device which creates a backdoor into the system.

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to BNMC at 978-482-2020.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, December 10 2018

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Email Privacy Malware Business Computing Business Network Security Hackers User Tips Software Internet Microsoft Google Computer Tech Term IT Services Efficiency Ransomware Mobile Devices Hosted Solutions Communication Smartphone Small Business Backup Managed IT Services Data Productivity IT Support Android Saving Money Business Continuity Hardware Cloud Computing Windows 10 Data Recovery Browser Windows Innovation Internet of Things Data Management App Data Backup Microsoft Office Cybersecurity Productivity Workplace Tips Business Management Managed IT Services Upgrade Office 365 Word Artificial Intelligence Remote Monitoring Gmail Disaster Recovery Encryption Passwords Server Facebook Windows 10 Tip of the week Analytics communications Outsourced IT Website Vulnerability BYOD Network Employer-Employee Relationship Money Mobile Device Applications Smartphones IT Support Chrome Managed Service Provider Phishing Infrastructure YouTube Miscellaneous Social Media Government Risk Management Maintenance Antivirus Office Tips Data storage Big Data IT Management VoIP Managed Service Save Money Settings Robot Google Drive Company Culture Users Content Filtering Bandwidth desktop Two-factor Authentication Avoiding Downtime Managing Stress Apple Firewall Scam Education SaaS Storage Development Holiday Laptop Alert Wireless HIPAA Display VPN Access Control The Internet of Things Mobile Security Data Security Employee-Employer Relationship Business Technology Server Management Spam Monitors Computing Virtual Private Network Vendor Management Outlook Paperless Office Touchscreen Operating System Quick Tips Business Intelligence WiFi LiFi Hosted Solution Automation Information Data loss Unified Threat Management Administration End of Support Mouse Telephone Systems Virtual Reality Apps Remote Computing Digital Payment Address Permissions Augmented Reality K-12 Schools Cryptocurrency Cookies MSP Slack Digital Patch Management Managed IT Service Computing Infrastructure Professional Services Content Google Docs Disaster User Error Social Networking IT solutions Network Congestion Going Green Star Wars Digital Signage Scary Stories Collaboration Customer Relationship Management Chatbots eWaste Hacks Specifications Running Cable Writing Google Wallet Wearable Technology Network upgrade Bitcoin Wi-Fi Heating/Cooling Multi-Factor Security Nanotechnology Monitoring Document Management Spyware Break Fix Alerts USB Streaming Buisness Business Growth Uninterrupted Power Supply Time Management Printer Motherboard Cables Computers Printing Search Black Friday Fraud Cost Management Troubleshooting Sports Legal File Sharing Networking Identity Continuity Virtual Desktop Dark Data Password Update Computer Care IBM Unified Communications Retail Drones Emergency Smart Office Windows 8 Solid State Drive Servers Google Calendar Screen Reader Charging Spying Identity Theft Dark Web Licensing Dongle Human Error Hacker Politics Network Management Wires Analysis Cyber Monday Assessment Deep Learning Solar Customer Service Mobile Device Management Training Corporate Profile Office Samsung Automobile Work Hard Disk Drive Legislation Smart Tech Cybercrime Microsoft Excel Cooperation Service Level Agreement Device Downtime Alt Codes Tech Support Dell SharePoint Router Voice over Internet Protocol Managed IT Smart Technology Hotspot Internet Exlporer LED Marketing Bring Your Own Device Cabling Techology Compliance Chromebook WannaCry PowerPoint Gadgets Social Engineering Budget Google Maps How To Lenovo IT Technicians Optimization Social Statistics Tablet Connectivity Information Technology Mail Merge Blockchain Staff Leominster Mobility Typing Humor Websites Downloads Modem FinTech Shortcut Distributed Denial of Service Language Value Co-Managed IT Best Practice VoIP Unified Threat Management Regulations Current Events IoT Onboarding Halloween Safety Firefox Superfish Mirgation Recycling Bluetooth Comparison Print Toner Personal Information Botnet Cameras Tracking 3D Printing Meetings Cortana Cleaning Processors Machine Learning CCTV Virtualization Unsupported Software Webcam Error Computer Repair Relocation Mobile Data Point of Sale Ben McDonald shares BDR Printers How To Work/Life Balance Travel Recovery Health Private Cloud G Suite Regulation Black Market Supercomputer CrashOverride Law Enforcement Motion Sickness Mobile Computing Staffing Notifications Administrator Electronic Medical Records Taxes Twitter IT Budget Physical Security Web Server what was your? GPS Upgrades Gadget Emoji Crowdsourcing IT Consultant

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3