Blended Threat

Blended threats are bundles of malicious programs that combine the functionality of different types of malware, including Trojans, worms and backdoors.

A blended threat often involves an infection chain whereby a visitor to a website is first diverted to a malicious URL, then compelled via social engineering to download a malicious file, which then continues to download additional malicious files. By using multiple methods and techniques, cybercriminals are able to quickly and surreptitiously spread threats.

A blended threat typically includes:

  • More than one means of distribution, for instance, distributing a hybrid virus/worm via email that self-replicates and also infects a Web server, so that the contagion will spread through all visitors to a particular site;
  • Exploitation of vulnerabilities, which may be pre-existing or even caused by malware distributed as part of the attack;
  • The intent to cause real harm rather than just causing minor computer problems for victims, e.g. by launching a denial of service (DOS) attack against a target, or delivering a Trojan horse that will be activated at some later date;
  • Automation that enables increasing contagion without requiring user actions, such as opening attachments.

To guard against blended threats, experts urge network administrators to be vigilant about patch management, use and maintain good firewall products, employ server software to detect malware, and educate users about proper e-mail handling and online behavior.

Zero-day exploits

Zero-day exploits refer to software vulnerabilities that have been found in-the-wild before security researchers and software developers become aware of the threat. Because of this, they pose a higher risk to users than other vulnerabilities. There are zero days between the time the vulnerability is discovered and the first attack.

Normally, when someone detects that a software program contains a potential security issue, that person or company will notify the software company, so that action can be taken. Given time, the software company can then fix the code and distribute a patch or software update. Even if potential attackers hear about the vulnerability, it may take them some time to exploit it; meanwhile, the fix will hopefully become available first.

Sometimes, however, a hacker may be the first to discover the vulnerability. Since the vulnerability isn't known in advance, there is no way to guard against the exploit before it happens. Companies exposed to such exploits can, however, institute procedures for early detection, such as:

  • Use virtual LANs (IPsec) to protect the contents of individual transmissions;
  • Deploy an intrusion detection system;
  • Introduce network access control to prevent rogue machines from gaining access to the network;
  • Lock down wireless access points and use a security scheme like Wi-Fi Protected Access or WPA2 for maximum protection against wireless-based attacks.