A blended threat is an exploit that combines elements of multiple types of malware and usually employs multiple attack vectors to increase the severity of damage and the speed of contagion. Nimda, CodeRed, Bugbear and Conficker are a few well-known examples. Although they may be identified as viruses, worms or Trojan horses, most current exploits are blended threats.
A blended threat typically includes:
- More than one means of propagation -- for example, sending an email with a hybrid virus/worm that will self-replicate and also infect a Web server so that contagion will spread through all visitors to a particular site.
- Exploitation of vulnerabilities which may be preexisting or may be caused by malware distributed as part of the attack.
- The intent to cause real harm, for example, by launching a denial of service (DOS) attack against a target or delivering a Trojan horse that will be activated at some later date.
- Automation that enables increasing contagion without requiring any user action.
To guard against blended threats, experts urge network administrators to be vigilant about patch management, use and maintain good firewall products, employ server software to detect malware, and educate users about proper e-mail handling and online behavior.