301-571-5040    Get SUPPORT

Washington Works Blog

WARNING: A New Zero-Day Threat is On the Loose

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened up, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs a Trojan horse malware on the user’s device which creates a backdoor into the system.

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to Washington Works at 301-571-5040.

How to Automate the Protection of Your Business
Tip of the Week: How to Reduce the Use of Paper in...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, August 18 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Best Practices Technology Cloud Privacy Business Computing Malware Software Hackers Email Network Security Tech Term Business Managed IT Services Backup Mobile Devices Internet Ransomware Microsoft Computer IT Support Productivity Google Hosted Solutions User Tips IT Services Data Smartphone Data Recovery Productivity Data Backup Efficiency Android Managed Service Provider Communication Small Business Encryption Cloud Computing Business Continuity Data Management Office 365 Social Media Windows 10 Paperless Office Hardware Remote Monitoring Outsourced IT Browser Innovation Business Management Infrastructure Tip of the week Unified Threat Management BYOD Work/Life Balance Facebook Workplace Tips Save Money Server Disaster Recovery Bandwidth App Cybersecurity Smartphones Government Hosted Solution Phishing Passwords Antivirus Password File Sharing Employer-Employee Relationship Document Management Apps Applications BDR Vulnerability Managed IT Services IT Management Money Internet of Things Chromebook Big Data Virtual Reality Windows Compliance Word Risk Management How To Managed Service Saving Money Artificial Intelligence Collaboration Chrome Holiday Windows 10 SaaS Two-factor Authentication Wi-Fi HIPAA Training Patch Management Office Robot Tech Support Mobile Security Vendor Management Scam Websites Recovery Smart Technology Data loss Hacker Remote Computing Botnet Customer Relationship Management How To Automobile Network Router VPN Maintenance Mobile Device Quick Tips Data Security Automation Server Management Identity Theft Blockchain Business Technology Alert Virtual Private Network Gmail Regulations Health Telephone Systems Storage IoT G Suite Samsung Computer Care Firewall VoIP Physical Security Twitter Computing Politics Taxes Office Tips Management Tracking Dark Web Nanotechnology Spyware Address Update Web Server MSP Access Control Error USB Augmented Reality Cyber Monday Motherboard Monitors Legal Development Licensing Avoiding Downtime Mouse Identity Unified Communications Digital Payment Cost Management IT Consultant OneNote Disaster Heating/Cooling Social Notifications Enterprise Resource Planning IBM Microsoft Excel Screen Reader Cameras Proactive SharePoint Communications Dongle Staffing The Internet of Things Sports Meetings Cables Cooperation Time Management IT Solutions Microsoft Office Tablet Computer Repair Cybercrime Bring Your Own Device Gadgets Budget Hotspot Assessment Virtualization Networking Employee-Employer Relationship Downloads IT Technicians Uninterrupted Power Supply Servers Administrator Mobile Smart Tech Law Enforcement CCTV Remote Monitoring and Management Processors Service Level Agreement Distributed Denial of Service YouTube Search Webcam Wires Unified Threat Management Staff Network Management Upgrades Education Remote Workers Website Comparison Managed IT Vulnerabilities Language Internet Exlporer Machine Learning Multi-Factor Security Mirgation Company Culture Connectivity Analytics Gadget WPA3 Utility Computing WiFi Upgrade Managed IT Service Modem Settings Point of Sale User Error IT Support Touchscreen Relocation Cleaning Information Specifications Corporate Profile Outlook Travel Geography Computing Infrastructure Value Google Drive Cortana Black Market Google Calendar Solid State Drive Statistics Crowdsourcing Managing Stress Supercomputer Spam Permissions Lenovo Emoji Fleet Tracking Wireless Cabling Healthcare GPS Break Fix Cookies Digital Mail Merge Mobile Device Management Printer Wearable Technology Private Cloud Professional Services Black Friday Social Networking WannaCry Shortcut Electronic Medical Records Motion Sickness High-Speed Internet Alerts VoIP Techology Legislation Chatbots Hard Disk Drive Bluetooth Personal Information Downtime Enterprise Content Management IT Budget Fraud Star Wars Firefox Superfish Asset Tracking Lithium-ion battery Fun 5G Wireless Technology CrashOverride Safety Marketing Hard Drives Emergency Competition IP Address Users Customer Service Miscellaneous Mobile Office Domains Regulation Monitoring Public Speaking Hiring/Firing Presentation