CAPEC-442

Infected Software
Medium
High
Stable
2014-06-23
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Notifications manage

Descriptions CAPEC

An adversary adds malicious logic, often in the form of a computer virus, to otherwise benign software. This logic is often hidden from the user of the software and works behind the scenes to achieve negative impacts. Many times, the malicious logic is inserted into empty space between legitimate code, and is then called when the software is executed. This pattern of attack focuses on software already fielded and used in operation as opposed to software that is still under development and part of the supply chain.

Informations CAPEC

Prerequisites

Access to the software currently deployed at a victim location. This access is often obtained by leveraging another attack pattern to gain permissions that the adversary wouldn't normally have.

Mitigations

Leverage anti-virus products to detect and quarantine software with known virus.

Related Weaknesses

CWE-ID Weakness Name

CWE-506

 Embedded Malicious Code
The product contains code that appears to be malicious in nature.

References

REF-387

How Computer Viruses Work
Marshall Brain.
http://www.mindpride.net/root/Extras/how-stuff-works/how_computer_viruses_work.htm

Submission

Name Organization Date Date release
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00 Updated Description Summary, Examples-Instances, References, Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2018-07-31 +00:00 Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Examples-Instances, References, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2019-09-30 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Related_Attack_Patterns
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Related_Weaknesses
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.