Zero Day Calendar Reading Time: 2 minutes

Criminals are using a new zero day vulnerability in the Adobe Flash Player to conduct drive-by-downloads, infecting unsuspecting web site visitors with malicious software.

What is Zero Day Vulnerability?

A zero day vulnerability is a previously unknown flaw where there is no patch available and security software have not been updated to deal with.

Security researchers as CISCO have reported that hackers are using the exploit to spread adware and build botnets. A botnet is a network of computers taken over by hackers, usually without the knowledge of the computer owner, which is used for nefarious purposes such as spreading malware, send spam email or launching Denial of Service attacks.

A famous blogger known as Kafeine first reported that this zero day vulnerability has been included in a well-known hacker exploit kit called Angler. Exploit kits contain tools for conducting attacks and creating malware and are sold online for profit.

Kafeine has also reported that test show Windows 8.1 and Chrome browser users are not affected by the zero day exploit.

Flash Player has been found to have numerous vulnerabilities in recent years and has been a popular target of hackers. Many web sites display Flash animation that requires the user to have a Flash Player installed. Hackers have zeroed in on other web technologies that also require a local user application such as Java, Adobe Reader and Silverlight.

No patch is currently available for this vulnerability, but Adobe is aware of the problem and has indicated they are working on a solution.

Comodo Internet Security (CIS) provides the best protection for zero day vulnerabilities because it uses a unique “Default Deny” architecture with auto-sandboxing that prevents programs that are not verified as safe from being run by the system. They may instead run in a safe, secure system area called a sandbox, where an unknown file where it can be analyzed for malicious behavior.

Comodo Security software, including the version for Endpoint Management is able to keep you safe because it does not rely solely on detecting known threats which require frequent updates to the systems virus signature file.