The IT Law Wiki


A penetration attack involve the use of a delivery mechanism to transport a malicious payload to the target host in the form of a Trojan horse or remote control program.


These malicious payloads can be delivered either through some input medium (e.g., floppy or CD-ROM), download, or e-mail; or by exploiting existing bugs and security flaws in such programs as Internet browsers. Activation need not be intentional (e.g., double-clicking an icon), but can also occur by executing compromised code that users intentionally download from the Internet (e.g., device drivers, browser plug-ins, and applications) or unknowingly download (e.g., ActiveX controls associated with Web pages they visit). Even the simple viewing of a message in the preview screen of an e-mail client has, in some cases, proved sufficient to trigger execution of its attachment.

See also[]