Malicious Data
Malicious Data
Malicious data is data that, when introduced to a computer—usually by an operator unaware that he or she is doing so—will cause the computer to perform actions undesirable to the computer's owner. It often takes the form of input to a computer application such as a word-processing or spreadsheet program. It is thus distinguished from a malicious program such as a computer virus, compared to which malicious data is perhaps even more stealthy.
An example of malicious data at work is the Melissa "virus," which spread through the e-mail systems of the world on March 26, 1999. Though the media called Melissa a virus, this was a misnomer; rather, it was a case of malicious data wedded to a macro virus, or a virus that works by setting in motion an automatic sequence of actions within a software application. Melissa did not damage computers themselves, yet it produced a result undesirable to anyone but its creator. By taking advantage of a feature built into the Microsoft Word program, it sent itself to the first 50 addresses in the user's Outlook Express, an e-mail program also produced by Microsoft. Melissa, for which computer programmer David L. Smith was eventually charged, caused $80 million worth of damage, prima-rily in the form of lost productivity resulting from the shutdown of overloaded mailboxes.
In practice, malicious data is much like a malicious program, yet it is difficult to protect against malicious data using the methods typically used to circumvent malicious programs, such as file access control, firewalls, and the like. Malicious data has been used not simply for pranks such as Smith's, but to transfer funds out of the operator's financial accounts, and into those of the perpetrator. In this crime, the operator him-or herself is a participant, albeit an unwitting and unwilling one.
█ FURTHER READING:
BOOKS:
Gelman, Robert B., and Stanton McCandlish. Protecting Yourself Online: The Definitive Resource on Safety, Freedom, and Privacy in Cyberspace. New York: Harper Edge, 1998.
Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. New York: John Wiley, 2000.
Schwartau, Winn. Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists, and Weapons of Mass Disruption. New York: Thunder's Mouth Press, 2000.
PERIODICALS:
Mitchell, Russ, Richard Folkers, and Susan Gregory. "Why Melissa Is So Scary." U.S. News & World Report. (April 12, 1999): 34–36.
ELECTRONIC:
Sibert, W. Olin. Malicious Data and Computer Security. <http://home.earthlink.net/~wolfboy/ARCHIVE/GenSecure/maldata.htm> (April 3, 2003).
SEE ALSO
Computer Hackers
Computer Software security
Computer Virus
Infrastructure Protection Center (NIPC), United States National
Malicious Data
Malicious Data
A forensic examination such as forensic accounting often involves tracing an electronic data trail. Roadblocks can be deliberately introduced to obscure the trail and thwart those attempting to uncover the wrongdoing. As well, data can be deliberately introduced with the aim of compromising or destroying the quality of the information housed in a database or computer file. Forensic accounting and criminal investigations both attempt to identify so-called malicious data.
Malicious data is data that, when introduced to a computer—sometimes by an operator unaware that he or she is doing so—will cause the computer to perform actions undesirable to the computer's owner. It often takes the form of input to a computer application such as a word-processing or data spread-sheet program. It is thus distinguished from a malicious program such as a computer virus , compared to which malicious data is perhaps even more stealthy.
An example of malicious data at work is the Melissa "virus," which spread through the e-mail systems of the world on March 26, 1999. Though the media called Melissa a virus, this was a misnomer; rather, it was a case of malicious data wedded to a macro virus, or a virus that works by setting in motion an automatic sequence of actions within a software application. Melissa did not damage computers themselves, yet it produced a result undesirable to anyone but its creator. By taking advantage of a feature built into the Microsoft Word program, it sent itself to the first 50 addresses in the user's Outlook Express, an e-mail program also produced by Microsoft. Melissa, for which computer programmer David L. Smith was eventually charged, caused $80 million worth of damage, primarily in the form of lost productivity resulting from the shutdown of overloaded mailboxes.
In practice, malicious data is much like a malicious program, yet it is difficult to protect against malicious data using the methods typically used to circumvent malicious programs, such as file access control, firewalls, and the like. Malicious data has been used, not simply for pranks such as Smith's, but to transfer funds out of the operator's financial accounts, and into those of the perpetrator. In this crime, the operator is a participant, albeit an unwitting and unwilling one.
see also Computer forensics; Computer hackers; Computer security and computer crime investigation.