CastleCops, Internet Crime Fighters
Malware: When is a Trojan (not)??
Worms
December 28, 2003 CCSP Staff
Answer: Blended Threats

What is a Blended Threat??

Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. Characteristics of blended threats include:

..Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan Horse programs for later execution.

..Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.

..Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world-readable and world-writable network shares, makes numerous registry changes, and adds script code into HTML files.

..Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.

..Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.

Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms, up to and including anti-spyware and adware applications (blockers). Links to these applications and information may be found in our Virus-Worm Related and Spyware-HiJack Related Forums.

Blended Threats

According to Symantec's Semantics, Trojan.Bookmarker is a Trojan. Actually it is not. This is a case where, if it looks like a duck, quacks like a duck, and acts like a duck, it's a swan.

Here is a recent listing:

Trojan.Bookmarker

Discovered on: December 20, 2003

Last Updated on: December 23, 2003 01:18:12 PM

Trojan.Bookmarker is a small Trojan horse that modifies the Internet Explorer's home page and search page, and adds bookmarks that point to pornographic Web sites to the Favorites folder.

This Trojan changes the Internet Explorer Home page to the webcoolsearch.com. It is also packed with UPX.

Type: Trojan Horse


Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Systems Not Affected: DOS, Linux, OS/2, UNIX
http://securityresponse.symantec.com/avcenter/venc/data/trojan.bookmarker.html

Trojan Bookmarker

Moral of this story: The above is a Hi-Jack.
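
The changes the listing describes (a rewritten Internet Explorer home page and search page, plus new entries in the Favorites folder) can be checked against a known-good baseline. The Python script below is an added example, not part of the original article or of Symantec's write-up; the registry key and value names are Internet Explorer's standard ones rather than anything quoted on this page, and the baseline, allowlist and sample data are constructed.

```python
import configparser
from urllib.parse import urlparse

# Known-good values recorded before any infection (constructed baseline).
BASELINE = {"Start Page": "about:blank", "Search Page": "http://www.example.com/search"}
ALLOWED_HOSTS = {"www.example.org"}  # hosts of bookmarks the user created (assumption)

# Constructed regedit export of the IE "Main" key (already decoded to text).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://webcoolsearch.com/"
"Search Page"="http://www.example.com/search"
'''
# Constructed Favorites folder: file name -> contents of the .url shortcut.
SAMPLE_FAVORITES = {
    "News.url": "[InternetShortcut]\nURL=http://www.example.org/news\n",
    "Hot Links.url": "[InternetShortcut]\nURL=http://adult-site.example/\n",
}

def parse_reg_export(text):
    """Return {value name: data} for the string values in a .reg export."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('"') and '"="' in line:
            name, data = line[1:].split('"="', 1)
            values[name] = data[:-1] if data.endswith('"') else data
    return values

def shortcut_host(url_file_text):
    """Host named by the URL= entry of a Favorites .url file, or None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(url_file_text)
    return urlparse(cp.get("InternetShortcut", "URL", fallback="")).hostname

def audit(reg_text, favorites, baseline=BASELINE, allowed=ALLOWED_HOSTS):
    """List every browser setting or bookmark that departs from the baseline."""
    findings = []
    current = parse_reg_export(reg_text)
    for name, expected in baseline.items():
        if current.get(name) != expected:
            findings.append(("registry", name, current.get(name)))
    for fname, text in favorites.items():
        host = shortcut_host(text)
        if host not in allowed:
            findings.append(("favorite", fname, host))
    return findings
```

Calling `audit(SAMPLE_REG, SAMPLE_FAVORITES)` reports the changed Start Page and the one bookmark whose host is not on the allowlist; an unchanged profile yields an empty list.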

Virus-Worm Related

Spyware-HiJack Related

Required Read: So how did I get infected in the first place?
Posted on Sunday, 28 December 2003 @ 11:15:53 UTC by phoenix22 (2865 reads)