CAPEC-533: Malicious Manual Software Update

An attacker introduces malicious code to the victim's system by altering the payload of a software update, allowing for additional compromise or site disruption at the victim location. These manual, or user-assisted attacks, vary from requiring the user to download and run an executable, to as streamlined as tricking the user to click a URL. Attacks which aim at penetrating a specific network infrastructure often rely upon secondary attack methods to achieve the desired impact. Spamming, for example, is a common method employed as an secondary attack vector. Thus the attacker has in their arsenal a choice of initial attack vectors ranging from traditional SMTP/POP/IMAP spamming and its varieties, to web-application mechanisms which commonly implement both chat and rich HTML messaging within the user interface.

High

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

CAPEC-533: Malicious Manual Software Update

Overview

What the attacker needs

Prerequisites

Skills required

How to mitigate it

Examples

Frequently asked questions

What is CAPEC-533?

How do you prevent CAPEC-533?

What weaknesses does CAPEC-533 target?

How severe is CAPEC-533?

References

Defend against CAPEC-533