Examples of recently emerged blended threats include MyDoom, Netsky, Sasser, and Sobig. The Sobig worm exemplifies one of the dangers of blended threats. When Sobig successfully infects a computer, it downloads spyware from a Web site, including a key logger. The key logger monitors the system for any banking, credit card purchases, or other financial activity and captures user information, passwords, and cookies and sends them back to the authors. Additionally, Sobig downloads an unlicensed copy of the Wingate proxy server, allowing any malicious user who knows the Internet protocol address of the infected machine to channel actions through the system anonymously. Spammers used the proxy to anonymously send unsolicited e-mail.
Blended threats are an increasing risk to organizations. Security analysts have noticed an increase in the number of blended threats, as well as increasingly destructive payloads. Such threats combine the characteristics of different types of malicious code, such as viruses, worms, Trojan horses, and spyware. The multiple propagation mechanisms often used in blended threats allow them the versatility to circumvent an organization’s security in a variety of ways. As a result, blended threats can infect large numbers of
systems in a very short time, with little or no human intervention, causing widespread damage very quickly. They can then simultaneously overload system resources and saturate network bandwidth. The following figure shows the ability of some blended threats to bypass security controls.
If you would like to make a comment, please fill out the form below.
