Distribution Potential
Distribution potential is derived from the characteristics of the malicious program. Fast-spreading network worms can spread across continents within just minutes. Some malicious programs also use numerous infection and spreading techniques; these are often referred to as blended threats or mixed threats. The Nimda virus, for example, was able to spread via email, network shares, infected Web sites, and Web traffic (HTTP/port 80).
As new systems are made and improved with added functionality, proof-of-concept malware often follows. This uniqueness, together with how widely a particular operating system or software is deployed, also influences the distribution potential of each piece of malware. Many viruses written in the past do not run or spread on newer operating systems or on operating systems that have all the latest security patches installed.
High
- Blended threats (i.e. spreads via email, P2P, IM, network shares)
- Mass mailers
- Spreads via network shares
Medium
- Mailers
- Has spread via third-party or media
- Spreads in IRC, IM, or P2P
- Requires user intervention to spread
- URL/Web site download
Low
- No network spreading
- Requires manual distribution to spread

