CAPEC Details
Name Infected Software
Likelihood of attack Medium
Typical severity High
Summary An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.
Prerequisites Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have.
Solutions Leverage anti-virus products to detect and quarantine software with known viruses.
Related Weaknesses
CWE ID Description
CWE-506 Embedded Malicious Code
Related CAPECS
CAPEC ID Description
CAPEC-441 An adversary installs or adds malicious logic (also known as malware) into a seemingly benign component of a fielded system. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. With the proliferation of mass digital storage and inexpensive multimedia devices, Bluetooth and 802.11 support, new attack vectors for spreading malware are emerging for things we once thought of as innocuous greeting cards, picture frames, or digital projectors. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems and their components that are still under development and part of the supply chain.
Taxonomy: ATTACK
Entry ID Entry Name
1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools
1195.002 Supply Chain Compromise: Compromise Software Supply Chain