The Holy Grail for malicious program and virus writers is the zero day exploit. A zero day exploit is when the exploit for the vulnerability is created before, or on the same day as the vulnerability is learned about by the vendor. By creating a virus or worm that takes advantage of a vulnerability the vendor is not yet aware of and for which there is not currently a patch available the attacker can wreak maximum havoc.
Some vulnerabilities are dubbed zero day exploit vulnerabilities by the media, but the question is zero day by whose calendar? Often times the vendor and key technology providers are aware of a vulnerability weeks or even months before an exploit is created or before the vulnerability is disclosed publicly.
A glaring example of this was the SNMP (Simple Network Management Protocol) vulnerability announced in February of 2002. Students at Oulu University in Finland actually discovered the flaws in the summer of 2001 while working on the PROTOS project, a test suite designed to test SNMPv1 (version 1).
SNMP is a simple protocol for devices to talk to each other. It is used for device to device communication and for remote monitoring and configuration of network devices by administrators. SNMP is present in network hardware (routers, switches, hubs, etc.), printers, copiers, fax machines, high-end computerized medical equipment and in almost every operating system.
After discovering that they could crash or disable devices using their PROTOS test suite, the students at Oulu University discreetly notified the powers that be and the word went out to the vendors. Everyone sat on that information and kept it secret until it was somehow leaked to the world that the PROTOS test suite itself, which was freely and publicly available, could be used as the exploit code to bring down SNMP devices. Only then did the vendors and the world scramble to create and release patches to address the situation.