Definition — What is Blended Threat?

A Blended Threat is a type of exploit that uses multiple techniques to attack a system. In general, cyberattacks tend to have only one attack vector, however, blended attacks will use multi-pronged strikes to exploit any vulnerabilities. Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code. Security and IT personnel have a difficult time trying to deal with a blended attack as they hit with great speed and inflict widespread damage. Blended threats are capable of performing many different actions, including damaging and deleting critical files to stealing login credentials, and crashing the company network. These attacks can also use multiple modes of transportation. Instead of spreading via email, a blended virus could use peer-to-peer networks, and even search engines.

Popular examples of blended threats include Code Red, Nimda, and Bugbear.

The Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server. It was the first large-scale, mixed threat attack to successfully target enterprise networks. The Code Red worm was first discovered and researched by Marc Maiffret and Ryan Permeh. Although the worm had been released on July 13, the largest group of infected computers was seen on July 19, 2001. On that day, the number of infected hosts reached 359,000. Code Red is a worm that caused possible billions of dollars of damage in the summer of 2001.

The Nimda worm is a classic example of how blended threats can propagate. It was first observed on the Internet on September 18, 2001. It initially spread through e-mail by exploiting a bug in Microsoft Outlook and Outlook Express that allowed it to propagate without the user opening an attachment. Once a desktop was infected, it spread from there through network shares and vulnerable Microsoft IIS Web servers. Nimda appears to be the most troublesome virus of its type that has yet appeared.