CAPEC-456: Infected Memory
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
后果影响
影响范围: Authorization
技术影响: Execute Unauthorized Commands
缓解措施
Leverage anti-virus products to detect stop operations with known virus.
示例实例
A USB Memory stick has malicious logic inserted before shipping of the product allowing for infection of the host machine once inserted into the USB port.
In 2007, approximately 1800 of Seagate's Maxtor Personal Storage 3200 drives were built under contract with an outside manufacturer and contained a virus that stole user passwords.