Non-Replicating Malicious Code

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This type of malicious code is designed to operate only on the specific system it initially infects. Unlike viruses or worms, it does not contain mechanisms to copy itself or spread to other devices or networks.

Extended Description

Non-replicating malware, often called a 'one-shot' or 'targeted' attack, focuses all its impact on a single compromised host. Common examples include logic bombs that trigger on a specific date, spyware that steals data from one machine, or ransomware that encrypts only the local filesystem. Because it doesn't propagate, its discovery and containment are typically easier, but the damage to the initial target can be severe and deliberate. For developers, the key takeaway is that security defenses shouldn't focus solely on network perimeter controls. Strong host-based security—like application allow-listing, strict file integrity monitoring, and principle of least privilege enforcement—is critical to detect and stop these localized threats. Understanding this behavior helps in creating incident response plans that prioritize isolating the affected system without the added complexity of a widespread outbreak.

Common Consequences
Scope: Confidentiality, Integrity, Availability

Impact: Execute Unauthorized Code or Commands

Potential Mitigations
Phase: Operation
Antivirus software can help mitigate known malicious code.
Phase: Installation
Verify the integrity of the software that is being installed.
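
The file integrity monitoring named in the extended description and the installation-phase integrity check above both reduce to comparing files against a trusted record of digests. The following is an added example, not part of the original entry: the function names, the sample file names and the in-memory baseline are assumptions, and a deployed monitor would keep the baseline signed or off the host so that code running on the host cannot rewrite it.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries are never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (by relative path) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):  # symlinks are skipped in this example
                baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def compare(baseline, root):
    """Report files added, removed or modified since the baseline was taken."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def demo():
    """Constructed sample: a temporary directory stands in for an install tree."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("app.bin", b"v1"), ("lib.so", b"lib"), ("conf.ini", b"a=1")):
            Path(root, name).write_bytes(data)
        baseline = build_baseline(root)
        Path(root, "app.bin").write_bytes(b"v1 plus injected code")  # modified
        Path(root, "conf.ini").unlink()                              # removed
        Path(root, "extra.bin").write_bytes(b"new file")             # added
        return compare(baseline, root)

if __name__ == "__main__":
    print(demo())
```

Because this class of code stays on the one host it infects, a changed or unexpected file in a report like this is often the only local trace, which is why the baseline has to be taken from a known-good state.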
References
A Taxonomy of Computer Program Security Flaws, with Examples
Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William S. Choi
19-11-1993
ID: REF-1431
Modes of Introduction
Implementation
Operation
Related Weaknesses
Taxonomy Mapping
  • Landwehr