Zero-day attacks are those types of attacks that attempt to exploit the vulnerability of software for which there is still no protection in the form of an updated operating system or specific software. The “zero day” attack’s name is derived from the fact that the user is at risk until the patch is released, that is, still found in the starting position, i.e. zero day. The attack makes use of Zero-day Attack exploits, which is a description of the use of a programming bug that causes the mentioned vulnerability. Exploits are mostly easily available on the internet, and attackers often create them with malicious intent.
Zero-day DDoS function in several ways. Attackers mostly target Internet browsers which are the most extended and used by a large number of people. They also often send emails, exploiting vulnerabilities to in e-mail programs or webmail applications, especially when dealing with a malformed e-mail body or attachments. Attackers can also design a malicious code to attack the operating system and steal confidential data, such as bank passwords and personal information. Since Zero-Day exploits quite easily bypass security features, there is a huge demand for them. An exploit can be dangerous even after a patch has been released (update), since not all users are installing the update.