Blended Threats Cause a Stir (page 1 of 2)

These dangerous security threats combine the characteristics of malicious code like viruses and worms, but their methods of infiltration and the speed at which they propagate make them a dangerous prospect for any business connected to the Internet.

One of the most publicized blended threats is the Nimda worm, which spread to more than 2.2 million servers and PCs in a single day, affecting computers and connectivity around the world. This blended threat relied on multiple channels of infiltration and several methods of propagation to worm its way into computers around the globe and leave a trail of destruction that cost billions of dollars to clean up after.

The characteristics of blended threats like Nimda differentiate it from garden-variety viruses and worms in several ways. Blended threats:

Cause harm
The sole intention of the blended threat is to cause damage. Some viruses or worms have a relatively tame payload designed more to instil fear -- or a sense of accomplishment in the virus' author -- than to cause widespread damage. But blended threats are intended to cause mass destruction on many levels and are successful in this goal.

Do not have to be activated by the user
Viruses and worms are usually spread by opening an email attachment or downloading a file from the Internet. But blended threats do not require human intervention to propagate, and some of them can be spread simply by opening or previewing an infected email or visiting an infected Web site.

Exploit vulnerabilities
Blended threats search computers for known vulnerabilities, such as incorrectly configured routers or known holes in applications, opening up the server so information stored there can be accessed freely.

May have multiple propagation methods Blended threats do not rely on just one method of spreading. Even if it hits a security measure on a server like a firewall, it may find other ways to gain access to the system.

Use multiple attack methods
Injecting code into HTML files, defacing Web sites, and creating guest accounts with administrator privileges are just an example of the variety of damage blended threats can cause -- all at once. This wide scope of attack makes it difficult to contain the threat once it's discovered.

How can you protect yourself?
Blended threats present a challenge because of this combination of characteristics. A comprehensive, proactive solution is your best defence. Focusing on best security practices on a daily basis can reduce your risk before a threat has been detected, and minimize the damage done should a blended threat infiltrate your system.

Create and enforce a comprehensive security policy
Establish guidelines for safe computing and educate your employees on the dangers of malicious code. Distribute the security policy company-wide, and detail the importance of specific practices such as heeding warnings from antivirus software, creating strong passwords, and handling email attachments safely.

Keep systems up to date
Because blended threats are programmed to seek known holes in programs like Internet browsers and server administration software, it is essential to always keep your operating systems and applications up to date with the latest patches. Downloadable fixes are usually released shortly after a security hole has been discovered in an application. Letting these vulnerabilities go unchecked can leave you wide open to blended threats seeking out that particular hole or scanning for all weaknesses in your system.