Detailed attack pattern
Stable
CAPEC-448: Embed Virus into DLL
An adversary tampers with a DLL and embeds a computer virus into gaps between legitimate machine instructions. These gaps may be the result of compiler optimizations that pad memory blocks for performance gains. The embedded virus then attempts to infect any machine which interfaces with the product, and possibly steal private data or eavesdrop.
Last updated
High
Typical severity
Per MITRE
Medium
Likelihood of attack
Per MITRE
1
Related weaknesses
CWEs this targets
Detailed
Abstraction
MITRE classification
Overview
CAPEC-448 (Embed Virus into DLL) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have.
Consequences
What a successful CAPEC-448 attack can achieve.
Execute Unauthorized Commands
Affects: Authorization
How to mitigate it
Defenses that reduce the risk of CAPEC-448.
- Leverage anti-virus products to detect and quarantine software with known virus.