These dangerous security threats combine the characteristics of malicious code like viruses and worms, but their methods of infiltration and the speed at which they propagate make them a dangerous prospect for any business connected to the Internet.
One of the most publicized blended threats is the Nimda worm, which spread to more than 2.2 million servers and PCs in a single day, affecting computers and connectivity around the world. This blended threat relied on multiple channels of infiltration and several methods of propagation to worm its way into computers around the globe, leaving a trail of destruction that cost billions of dollars to clean up.
The characteristics of blended threats like Nimda differentiate them from garden-variety viruses and worms in several ways. Blended threats:
Cause harm
The sole intention of the blended threat is to cause damage. Some viruses or worms have a relatively tame payload designed more to instil fear -- or a sense of accomplishment in the virus' author -- than to cause widespread damage. But blended threats are intended to cause mass destruction on many levels and are successful in this goal.
Do not have to be activated by the user
Viruses and worms are usually spread by opening an email attachment or downloading a file from the Internet. But blended threats do not require human intervention to propagate, and some of them can be spread simply by opening or previewing an infected email or visiting an infected Web site.
Exploit vulnerabilities
Blended threats search computers for known vulnerabilities, such as incorrectly configured routers or known holes in applications, opening up the server so information stored there can be accessed freely.
May have multiple propagation methods
Blended threats do not rely on just one method of spreading. Even if a blended threat hits a security measure on a server, like a firewall, it may find other ways to gain access to the system.
Use multiple attack methods
Injecting code into HTML files, defacing Web sites, and creating guest accounts with administrator privileges are just some examples of the variety of damage blended threats can cause -- all at once. This wide scope of attack makes it difficult to contain the threat once it's discovered.
How can you protect yourself?
Blended threats present a challenge because of this combination of characteristics. A comprehensive, proactive solution is your best defence. Focusing on best security practices on a daily basis can reduce your risk before a threat has been detected, and minimize the damage done should a blended threat infiltrate your system.
Create and enforce a comprehensive security policy
Establish guidelines for safe computing and educate your employees on the dangers of malicious code. Distribute the security policy company-wide, and detail the importance of specific practices such as heeding warnings from antivirus software, creating strong passwords, and handling email attachments safely.
Keep systems up to date
Because blended threats are programmed to seek known holes in programs like Internet browsers and server administration software, it is essential to always keep your operating systems and applications up to date with the latest patches. Downloadable fixes are usually released shortly after a security hole has been discovered in an application. Letting these vulnerabilities go unchecked can leave you wide open to blended threats seeking out that particular hole or scanning for all weaknesses in your system.
Passwords
Password attacks are a frequent method of infiltration for blended threats. Since choosing strong passwords is simple to do and costs nothing, this practice should be enforced consistently. Blended threats, and viruses and worms alike, can contain programs that crack passwords by generating possible word and letter combinations repeatedly until a match is found that allows access to the system. A strong password should be at least eight characters in length (the longer it is, the longer it takes for cracking programs to be effective), include letters, numbers and symbols, and be changed regularly. It should never contain repeating characters or common words or names, which are easy for a program to crack.
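The password rules above can be enforced automatically when a password is set. The following check is an added example, not part of the original article; the word list is a small constructed sample, and reading "repeating characters" as the same character twice in a row is an assumption.

```python
import re

# Constructed sample of common words and names (assumption); a real
# deployment would load a much larger dictionary.
COMMON_WORDS = {"password", "admin", "welcome", "letmein", "qwerty"}

# Letter-for-symbol swaps that cracking programs also try, undone before
# the dictionary check so "P@ssw0rd" is treated like "password".
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")


def password_violations(password, min_length=8, common_words=COMMON_WORDS):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"[0-9]", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no symbols")
    # Assumption: "repeating characters" means the same character
    # appearing twice in a row (case-sensitive).
    if re.search(r"(.)\1", password):
        problems.append("repeating characters")
    lowered = password.lower()
    folded = lowered.translate(SUBSTITUTIONS)
    if any(word in lowered or word in folded for word in common_words):
        problems.append("common word or name")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("abc", "P@ssw0rd!", "t7#Kq9!vLx2"):
        print(candidate, "->", password_violations(candidate) or "ok")
```

An empty list means the password meets every rule that can be checked at the moment it is chosen; regular changes have to be enforced separately through password expiry.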
Use comprehensive security measures
While one method of prevention will not necessarily protect you from a security threat, antivirus, firewall, and intrusion detection used in combination can provide a formidable challenge to a blended threat. When these defences are used together, they can slow down or prevent its spread by quarantining the code, alerting you to its presence, repairing the damage, or blocking it out completely. If the threat gets past one security measure, like a firewall, it can still be detected and caught by other methods like antivirus software.
Protect all entry points
Guarding your server with a firewall is not enough; you must also protect your email and Web gateways and your individual desktops with antivirus software that is kept up to date with the most recent virus definitions and any patches that are available.
Blended threats are becoming more prevalent and more advanced in both their methods of spreading and the damage they cause. Because of their complexity in both attack and propagation, a single security measure is not adequate to protect yourself. You must implement best security practices on all vulnerable points on your system, including your servers and desktops, and establish a multi-layered, comprehensive line of defence. These sophisticated threats require a sophisticated solution.
Blended Threats Cause a Stir
While worms and viruses can cause widespread damage on their own, blended threats pose a more complete level of destruction on servers, workstations, and Web sites alike.
- Sunday, May 04 - 2003 at 17:22
Symantec, Sunday, May 04 - 2003 at 17:22 UAE local time (GMT+4)
Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of AME Info FZ LLC / Emap Limited.
This Article was updated on Saturday, May 26 - 2007
Disclaimer:
Articles in this section are primarily provided directly by the companies appearing or PR agencies which are solely responsible for the content. The companies concerned may use the above content on their respective web sites provided they link back to http://www.ameinfo.com
Any opinions, advice, statements, offers or other information expressed in this section of the AME Info Web site are those of the authors and do not necessarily reflect the views of AME Info FZ LLC / Emap Limited. AME Info FZ LLC / Emap Limited is not responsible or liable for the content, accuracy or reliability of any material, advice, opinion or statement in this section of the AME Info Web site.
For details about submitting your stories, please read the guide - all content published is subject to our terms and conditions