Content Spoofing
Attack Pattern ID: 148 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description


An attacker modifies content to make it contain something other than what the original content producer intended while keeping the apparent source of the content unchanged. The term content spoofing is most often used to describe modification of web pages hosted by a target to display the attacker's content instead of the owner's content. However, any content can be spoofed, including the content of email messages, file transfers, or the content of other network communication protocols. Content can be modified at the source (e.g. modifying the source file for a web page) or in transit (e.g. intercepting and modifying a message between the sender and recipient). Usually, the attacker will attempt to hide the fact that the content has been modified, but in some cases, such as with web site defacement, this is not necessary. Content Spoofing can lead to malware exposure, financial fraud if the content governs financial transactions, privacy violations, and other results.

+ Attack Prerequisites

The target must provide content but fail to adequately protect it against modification.

+ Resources Required

No special resources are required by the client for most forms of the attack. If the content is to be modified in transit, the attacker must be able to intercept the targeted messages. In some variants, the targeted content is altered so that all or some of it is redirected towards content published by the attacker (for example, images and frames in the target's web site might be modified to be loaded from a source controlled by the attacker). In these cases, the attacker must be able to host the replacement content.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
Mechanism of Attack (primary)1000
ChildOfCategoryCategory345WASC Threat Classification 2.0 - WASC-12 - Content Spoofing 
WASC Threat Classification 2.0333
ParentOfAttack PatternAttack Pattern38Leveraging/Manipulating Configuration File Search Paths 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern145Checksum Spoofing 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern194Fake the Source of Data 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern218Spoofing of UDDI/ebXML Messages 
Mechanism of Attack (primary)1000