You are here

HomeDavid Andrew › What is a Blended Threat?

What is a Blended Threat?

Dennis Faas's picture
by David Andrew on March, 31 2006 at 08:03AM EST

" What the heck is a blended threat? "

I'm glad you asked ;-)

According to searchSecurity.com a blended threat is "a computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods, for example using characteristics of both viruses and worms, while also taking advantage of vulnerabilities in computers, networks, or other physical systems." (Source: searchSecurity.com)

Now that's a mouthful!

In more simpler terms, a blended threat is an attack that combines two or more vulnerabilities or attack methods on a remote machine. Blended threats are usually quite effective in accomplishing their goals.

The latest blended threat I just read about is combining a vulnerability present in Internet Explorer with a spoofing attack (See: Microsoft Security Advisory #917077, March 23, 2006).

At the time of this writing, Microsoft has yet to release a patch for this exploit.

Here's an example of how the attack works:

  • An attacker sends out unsolicited email to hundreds of thousands of unsuspecting victims (I.E.: he spams them). The e-mail contains real excerpts from a BBC news story and presents the reader with a link to "read more". But instead of taking the reader to the BBC's website, he is redirected to a fake site that looks exactly like BBC's website.
     
  • Not only is the site a fake, but the page the victim is taken to has some code present that silently installs a keylogger on the victim's machine. The keylogger is able to execute automatically because of the vulnerability present within Internet Explorer.

The fact that Microsoft has yet to release a patch for this vulnerability heightens the risk of this particular blended threat.

So, what can you do to protect ourselves from these blended threats?

The same sort of things we should be doing normally:

  1. Have good common sense (i.e., don't click on unsolicited email links, and steer clear of unestablished web sites).
     
  2. Keep up to date with security patches from Microsoft's Windows Update website.
     
  3. As I mentioned in an earlier article, and as an extra security layer: you might want to switch to Mozilla Firefox instead of using Internet Explorer. (Source: Keeping Spies Out, Part 3)

Till the next time!

For more great tips like this one, be sure to download David's free security newsletter to your mailbox, today!

Filed under:
Security
| Tags:
blended threat
,
internet explorer
,
microsoft
,
security
,
attack
Rate this article: 
No votes yet
Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 20 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.