Software Defects – Code Injection
July 18, 2008 by Antivirus Ware.com
Code injection is a computer “bug” created by the processing of invalid data. An attacker often uses it to change the course of execution of a computer program by injecting (introducing) code into it. A code injection attack often has disastrous consequences. For example, a single computer worm can use code injection to create more worms, especially when no antivirus program is present. Code injection has two uses: one malevolent, the other benevolent.
Malevolent Code Injection
Code injection is characteristically considered malevolent by nature. A hacker who attempts to crack code, hack into private information, or gain access to a restricted system will use some form of code injection to accomplish these unethical goals. The main malevolent uses of code injection are:
- installing malware on a computer or a server
- modifying values in a database (SQL injection)
- privilege escalation to local system or root permissions
- stealing cookies or sessions from web browsers
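
The SQL injection item in the list above, as an added example that is not part of the original article: the same invalid input rewrites an UPDATE statement built by string formatting, but stays plain data when passed as a bound parameter. The table, function names and input values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn

def set_email_vulnerable(conn, owner, email):
    # Defect: untrusted input is pasted into the statement text, so the
    # database parses it as SQL instead of treating it as data.
    sql = "UPDATE accounts SET email = '%s' WHERE owner = '%s'" % (email, owner)
    return conn.execute(sql).rowcount

def set_email_safe(conn, owner, email):
    # Fix: placeholders send the values separately from the statement,
    # so quotes and keywords in the input remain inert data.
    sql = "UPDATE accounts SET email = ? WHERE owner = ?"
    return conn.execute(sql, (email, owner)).rowcount

# Constructed invalid input: the quote ends the string literal early and the
# remainder is read as part of the WHERE clause.
INVALID_OWNER = "alice' OR '1'='1"

def rows_changed(update_fn, owner):
    """Run one update against a fresh table and return the rows modified."""
    conn = make_db()
    try:
        return update_fn(conn, owner, "new@example.test")
    finally:
        conn.close()

if __name__ == "__main__":
    for fn in (set_email_vulnerable, set_email_safe):
        print(fn.__name__, "valid input:", rows_changed(fn, "alice"))
        print(fn.__name__, "invalid input:", rows_changed(fn, INVALID_OWNER))
```

With the invalid input, the formatted statement modifies every row in the table, while the parameterized one matches no owner and modifies none.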
Benevolent Code Injection
Sometimes code injection is used with good intentions, such as changing or tweaking the behavior of a program or system. The code injection “tricks” the program or system into behaving in a non-malicious fashion. Here are a couple of examples:
- to introduce a useful new column on a search results page that did not show up there originally
- to offer a new way of filtering, grouping, or ordering data in a field that was not exposed in the original design’s default functions
