‘Blended threat’ is a general description for malicious programs or bundles of malicious programs that combine the functionality of different types of malware: viruses, worms, Trojans and so forth.
As applications and operating systems as well as security products have become more sophisticated, virus writers have retaliated by creating more and more complex malicious programs.
A malicious program needs to meet most of the following criteria to be called a blended threat:
Bit is a contraction of ‘binary digit’ and is the smallest unit of measurement for computer data. As the name suggests, bits are counted in base-2, so the value of any given bit will be either 0 or 1 (its value being defined by whether it is above or below a set level of electrical charge within a capacitor).
Eight bits (called a byte) are required for a single alphanumeric character. Higher multiples used to measure data are the kilobyte (1,024 bytes), the megabyte (1,048,576 bytes), the gigabyte (1,073,741,824 bytes) and the terabyte (1,000 gigabytes).
Bandwidth (how fast data travels) is normally measured in bits per second.
Synonyms: Blacklist, Realtime black list, RBL [Realtime Blocklist]
Used as one method of filtering spam, blacklists provide a list of known sources of unwanted e-mail. Traffic from listed IP addresses is simply blocked. Several public blacklists are available, one of the best known being the Mail Abuse Prevention System [MAPS].
The use of blacklists helps to force ISPs [Internet Service Providers] to monitor their own outgoing e-mail and so avoid the negative commercial effects of being ‘blacklisted’.
These are the most dangerous, and most widespread, type of Trojan. Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
In computer networking, bandwidth refers to data transfer rate (how fast data travels) and is normally measured in bits per second (bps). For example, a modem operating at 57,600 bps has twice the bandwidth of a modem working at 28,800 bps.
The BIOS [Basic Input-Output System] refers to the instructions contained in one of the chips in the PC. It is used to start the PC and is used by the operating system to access the computer’s hardware.
A batch file (which has the extension BAT) is designed to automate the execution of multiple commands on a computer. The batch file itself is a text file. However, it contains a list of instructions (including commands to run programs) that are carried out unattended when the batch file is run.
This refers to the technique of deciding whether an application is malicious or not, according to what it does. If an application does something that falls outside the range of ‘acceptable’ actions, its operation is restricted. For example, trying to write to certain parts of the system registry, or writing to pre-defined folders, may be defined as a threat. The action can be blocked, or the user notified about the attempted action. This fairly simple approach can be further refined. It's possible, for example, to restrict the access of one application (let's say allowing a web browser read-only access to limited portions of the system registry) while giving unrestricted access to other programs that do not use the Internet.
An alternative behavioral method is to 'wrap' a downloaded application and restrict its action on the local system. Here the application is run in a protective 'sandbox' [sometimes called a ‘playground’, or ‘secure cache’] to limit its actions according to a pre-defined policy. The activity performed by the program is checked against a set of rules. Depending on the policy, the program’s actions may be considered a violation of the policy, in which case the rogue action is blocked.
Synonyms: Object code
This term is applied to the compiled instructions contained within an executable file. Binary code is not human-readable and can only be ‘understood’ by the computer’s processor when the program is run.
Source code, by contrast, is made up of the statements created by a programmer using a text editor. Source code is human-readable for anyone who understands the conventions used by that programming language (‘C’, ‘C++’, etc.), but cannot be executed by a computer’s processor until it has been compiled.
Bluetooth is a specification for short-range wireless connectivity between Bluetooth-enabled devices (PCs, PDAs, smartphones or pagers fitted with the appropriate chip). Bluetooth has a range of 10 metres and currently supports a transfer rate of 1Mbps. The Bluetooth specification is maintained by the Bluetooth SIG [Special Interest Group], set up in 1998 and made up of more than 2,000 members (including Microsoft®, IBM, Intel, Nokia, Toshiba, Motorola, Sony Ericsson and many others).
The process of starting a PC, during which the BIOS and then the operating system are loaded.
Synonyms: System disk
A disk containing the system files required to load an operating system. These files may be located on a hard disk or removable media (floppy disk, CD or USB memory storage device).
The boot sector is the area on hard disks and floppy disks containing instructions that are executed during the boot process, i.e. when the PC starts. Among other things, the boot sector specifies the location of the operating system files. On a hard disk, the boot sector is the first sector(s) on the bootable partition, i.e. the partition containing the system files. On a floppy disk, the boot sector is the first sector on the disk: all floppy disks contain a boot sector, even if they are just data disks.
A boot sector virus is one that infects by replacing code in the boot sector of a floppy disk (and sometimes a hard disk) with its own code. This ensures that whenever an attempt is made to boot from the infected disk, the virus loads before the operating system.
These viruses are very uncommon now, but in the first half of the 1990s, when floppy disks were the main means of transferring data, they represented the main threat to PC users. Typically, a boot sector virus infected the hard disk when a user inadvertently left an infected floppy disk in drive A. When the PC was next booted, the system would try to boot from the floppy disk and the virus code would execute, regardless of whether or not the floppy disk was a system disk or just a data disk. Most boot sector viruses then infected the MBR [Master Boot Record] of the hard disk, rather than the boot sector.
A bridge connects two LANs [Local Area Networks]: it examines data sent across the network to determine which LAN it should be delivered to.
Broadband (delivered through a Digital Subscriber Line [DSL]) is generally applied to telecommunications in which a wide range of frequencies is available for transmission of data, typically voice and data together. So broadband provides an always-on connection, allowing home users to access the Internet while still being able to use the telephone. Clearly this is more efficient than using a dial-up connection, which makes exclusive use of a telephone line. In addition, broadband typically also provides a faster connection, of 512Kbps, 1Mbps, 2Mbps or more.
A Browser Helper Object [BHO] is a DLL that loads every time Microsoft® Internet Explorer runs. Typically, a BHO is installed by a third party program to enhance the functionality of the web browser (many Internet Explorer plugins, for example, are BHOs).
BHOs can be installed silently, or can be installed ‘quietly’ (many users fail to read the small print that comes with the EULA [End User License Agreement] displayed by the freeware program). Also, because they’re programs, they can do anything that other programs can do. On top of this, there’s no easy way to list the BHOs installed on the PC. As a result, BHO functionality can be misused (to install adware or track browsing habits, for example).
Browser Hijackers modify the user’s web browser settings. This may involve changing the default home page, re-directing searches to unwanted web sites, adding unwanted (sometimes pornographic) bookmarks or generating unwanted pop-up windows.
A bug is an unintentional fault in a program.
Some people mistakenly refer to viruses, worms or Trojans as ‘bugs’. This is incorrect: bugs are unintentional, whereas malicious code represents a deliberate misuse of a user’s computer.
A byte is made up of eight bits and is the data required for a single alphanumeric character.