Blended Threat

A blended threat is a computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods, for example using characteristics of both viruses and worms, while also taking advantage of vulnerabilities in computers, networks, or other physical systems. An attack using a blended approach might send a virus via an e-mail attachment, along with a Trojan horse embedded in an HTML file that will cause damage to the recipient computer. The Nimda, CodeRed, and Bugbear exploits were all examples of blended threats.

A blended threat typically includes:

More than one means of propagation -- for example, distributing a hybrid virus/worm via e-mail that will self-replicate and also infect a Web server, so that contagion will spread through all visitors to a particular site;
Exploitation of vulnerabilities, which may be preexisting or even caused by malware distributed as part of the attack;
The intent to cause real harm (rather than just causing minor computer problems for victims), for example, by launching a denial of service (DOS) attack against a target, or delivering a Trojan horse that will be activated at some later date; Automation that enables increasing contagion without requiring user actions, such as opening attachments;

To guard against blended threats, experts urge network administrators to be vigilant about patch management, use and maintain good firewall products, employ server software to detect malware, and educate users about proper e-mail handling and online behavior.