CAPEC-448: Embed Virus into DLL
An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.
Last updated
Overview
CAPEC-448 (Embed Virus into DLL) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have.
Consequences
What a successful CAPEC-448 attack can achieve.
Execute Unauthorized Commands
Affects: Authorization
How to mitigate it
Defenses that reduce the risk of CAPEC-448.
- Leverage anti-virus products to detect and quarantine software with known virus.
Terminology & mappings
Mapped taxonomies
- ATTACK: Obfuscated Files or Information: Embedded Payloads (1027.009)
Frequently asked questions
Common questions about CAPEC-448.
- What is CAPEC-448?
- An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.
- How do you prevent CAPEC-448?
- Leverage anti-virus products to detect and quarantine software with known virus.
- What weaknesses does CAPEC-448 target?
- CAPEC-448 exploits 1 CWE weakness, including CWE-506 (Embedded Malicious Code).
- How severe is CAPEC-448?
- MITRE rates CAPEC-448 as High severity with medium likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-448
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.