301-571-5040    Get SUPPORT

Washington Works Blog

Washington Works has been serving the Bethesda area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

WARNING: A New Zero-Day Threat is On the Loose

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened up, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs a Trojan horse malware on the user’s device which creates a backdoor into the system.

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to Washington Works at 301-571-5040.

How to Automate the Protection of Your Business
Tip of the Week: How to Reduce the Use of Paper in...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, June 21 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Cloud Business Computing Privacy Malware Hackers Software Email Network Security Backup Business Ransomware Managed IT Services Mobile Devices Microsoft Tech Term Hosted Solutions Productivity User Tips Computer Smartphone Internet Managed Service Provider Android Data Recovery Google Office 365 Encryption Cloud Computing Business Continuity Data Management Small Business Paperless Office Social Media Windows 10 Efficiency Communication Productivity IT Services Remote Monitoring Hardware IT Support Data Backup Business Management Browser Outsourced IT Save Money App Smartphones Disaster Recovery Cybersecurity Government Innovation BYOD Tip of the week Infrastructure Work/Life Balance Server Workplace Tips IT Management Word Holiday Hosted Solution Artificial Intelligence Compliance Unified Threat Management Phishing Saving Money Document Management Money Facebook Virtual Reality Antivirus Windows Risk Management Bandwidth How To Managed IT Services Data Applications SaaS Apps Chrome Big Data Windows 10 Employer-Employee Relationship Password Vulnerability Mobile Device Alert Passwords Health VPN Telephone Systems Samsung Data Security Hacker Server Management Physical Security Computing Virtual Private Network Internet of Things Firewall Customer Relationship Management Taxes Politics Office Gmail Regulations Websites Botnet Automation Two-factor Authentication HIPAA Mobile Security Identity Theft Tech Support BDR Maintenance Smart Technology Collaboration Twitter Business Technology Computer Care Robot Recovery Training File Sharing Remote Computing Chromebook Patch Management Vendor Management Scam Wi-Fi Data loss Automobile Licensing Networking USB Unified Communications Servers Identity Uninterrupted Power Supply Mouse Gadget Cortana WiFi Emoji Screen Reader YouTube Microsoft Excel Quick Tips Cooperation Travel IBM Dongle Bring Your Own Device G Suite Tablet Electronic Medical Records GPS Microsoft Office Smart Tech Settings Google Drive Staff Motion Sickness Service Level Agreement Legal Statistics Solid State Drive Comparison Office Tips Tracking Mail Merge Website Connectivity Digital Blockchain Utility Computing VoIP Notifications Social Techology Sports Bluetooth IT Consultant Hard Disk Drive Specifications IT Solutions Permissions Address IoT Spyware Healthcare Avoiding Downtime Wearable Technology Meetings Printer Unified Threat Management Spam Upgrades Mobile Device Management Social Networking Black Friday Fraud Administrator Star Wars Management Time Management Webcam Access Control User Error Motherboard Education Cyber Monday Machine Learning Black Market Augmented Reality Cost Management How To Enterprise Resource Planning Network Management Point of Sale SharePoint Crowdsourcing Managed IT Cleaning Relocation Analytics Hotspot Supercomputer The Internet of Things Assessment Budget Mobile Touchscreen Gadgets IT Technicians IT Support Downloads Personal Information Update Outlook Router Corporate Profile Distributed Denial of Service Private Cloud Language Downtime IT Budget Lenovo Internet Exlporer Company Culture Mirgation Web Server Cabling Multi-Factor Security Shortcut Modem WannaCry Managed IT Service Error Firefox Computing Infrastructure Digital Payment Superfish Upgrade Value Managing Stress Storage Cameras Google Calendar Virtualization Computer Repair Staffing Wireless Cookies Monitors Break Fix Communications Alerts Cybercrime Processors Search Professional Services VoIP Enterprise Content Management Heating/Cooling Chatbots CCTV Disaster Legislation Law Enforcement Network Nanotechnology Dark Web 5G Wireless Technology Marketing IP Address Customer Service Mobile Office Domains Hard Drives Public Speaking CrashOverride Lithium-ion battery Emergency Safety Hiring/Firing Competition Fun Users Miscellaneous Presentation