Using a heuristic system to detect an anomaly in a computer’s baseline, a system administrator was able to
detect an attack even though the company signature based IDS and antivirus did not detect it. Further analysis
revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and
executed it to trigger a privilege escalation flaw.
Which of the following attacks has MOST likely occurred?
The vulnerability was unknown in that the IDS and antivirus did not detect it. This is zero-day vulnerability.
A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then
exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero-day
attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user
information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers,
specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must