CAPEC-448 Embed Virus into DLL

CAPEC ID: 448

CAPEC-448 Metadata

Likelihood of Attack

Medium

Typical Severity

High

Overview

Summary

An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.

Prerequisites

Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have.

Potential Solutions / Mitigations

Leverage anti-virus products to detect and quarantine software carrying a known virus.
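Signature-based anti-virus only catches a virus it already knows. A complementary integrity check for the tampering described in the summary is to look for non-padding bytes where a DLL should contain only linker fill. The added example below is not part of CAPEC or any product; it implements one such heuristic, scanning the slack space at the end of each executable PE section (raw bytes past VirtualSize, which a linker zero-fills), over a minimal constructed PE image rather than a real DLL. Alignment gaps between individual functions need symbol or disassembly information and are not covered.

```python
import struct

# Bytes a compiler or linker legitimately leaves in gaps: zero fill, NOP, INT3.
PAD_BYTES = {0x00, 0x90, 0xCC}
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def parse_sections(pe: bytes):
    """Return (name, VirtualSize, SizeOfRawData, PointerToRawData, Characteristics) per section."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    off = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, _va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, off + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vsize, rsize, rptr, chars))
    return sections


def find_slack_code(pe: bytes):
    """Flag executable sections whose slack space holds bytes that are not padding.

    Returns a list of (section, VirtualSize, slack_len, non_padding_count)."""
    findings = []
    for name, vsize, rsize, rptr, chars in parse_sections(pe):
        if not chars & IMAGE_SCN_MEM_EXECUTE or rsize <= vsize:
            continue
        slack = pe[rptr + vsize:rptr + rsize]
        suspicious = sum(1 for b in slack if b not in PAD_BYTES)
        if suspicious:
            findings.append((name, vsize, rsize - vsize, suspicious))
    return findings


def build_sample(slack: bytes) -> bytes:
    """Constructed minimal PE with one executable .text section; not a loadable DLL."""
    code = b"\x55\x48\x89\xe5\x5d\xc3"  # push rbp; mov rbp,rsp; pop rbp; ret
    raw = code + slack
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x2022)
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, len(raw),
                      0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + coff + sec
    return headers + b"\0" * (0x200 - len(headers)) + raw


if __name__ == "__main__":
    print(find_slack_code(build_sample(b"\0" * 10)))                          # clean: []
    print(find_slack_code(build_sample(b"\0\0" + b"\x31\xc0\xeb\xfe" + b"\0" * 4)))
```

A hit is a reason to compare the file against a known-good hash or its Authenticode signature, not proof of infection on its own, since some toolchains place legitimate data in that region.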

Related Weaknesses (CWE)

CWE ID Description
CWE-506 Embedded Malicious Code

Related CAPECs

CAPEC ID Description
CAPEC-442 An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.

Taxonomy Mappings

Taxonomy: ATTACK

Entry ID Entry Name
1027.009 Obfuscated Files or Information: Embedded Payloads
