Payload: Definition and additional resources from ZDNet

(1) Refers to the "actual data" in a packet or file minus all headers attached for transport and minus all descriptive meta-data. In a network packet, headers are appended to the payload for transport and then discarded at their destination. In a key-length-value structure, the key and length are descriptive data about the value (the payload). See protocol stack.

(2) In the analysis of malicious software such as worms, viruses and Trojans, it refers to the software's harmful results. Examples of payloads include data destruction, messages with insulting text or spurious e-mail messages sent to a large number of people.

Reproduced with permission from Computer Desktop Encyclopedia.
Copyright (c) 1981-2008 The Computer Language Company Inc.
All rights reserved.

Additional Resources

From Metasploit to Microsoft: Skape goes to Redmond: Metasploit developer Matt Miller, who for years frustrated Microsoft officials with the public release of Windows exploits, is heading to Redmond to join Microsoft's Security Science team. Miller, who uses the hacker moniker Skape,will work on improved ways to find security vulnerabilities and better software defenses through...; Tags: Developer, Microsoft Corp., Matt Miller, Microsoft Windows, Operating Systems, Software, Ryan Naraine; Blog posts 2008-08-18
CNET's Clientside developer blog serving Adobe Flash exploits: Yesterday, Websense Labs issued an alert regarding a compromised CNET blog, namely the Clientside developer blog which has been embedded with a malicious javascript code attempting to exploit the visitors through a well known vulnerability in Adobe Flash's player. Websense's alert : "Websense Security Labs ThreatSeeker Network has discovered...; Tags: adobe systems inc., cnet networks inc., javascript, blog, websense inc., malware, scripting languages, security, viruses and worms, software/web development, web development, dancho danchev; Blog posts 2008-08-07
Web worms squirm through Facebook, MySpace: My colleagues at Kaspersky Lab see disclosure have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems. The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player...; Tags: Web, Facebook, Kaspersky Lab, Network, Macromedia Flash Player, Social Engineering, Worm, MySpace, Victim Machine, Cyberthreats, Social Networking, Viruses And Worms, Security, Online Communications, Marketing, Advertising & Promotion, Ryan Naraine; Blog posts 2008-07-31
Tiller Beauchamp on the Recon 2008 conference: Guest Editorial by Tiller Beauchamp Earlier this month I had the opportunity to present RE:Trace at the Recon conference, a reverse engineering conference held every other year in Montreal, Canada. The conference consisted of three days of training and three days of talks in a single track. Topics...; Tags: Reverse Engineering, Kernel, Conference, Novell NetWare, LDAP, Operating Systems, Servers, Directory Services, Enterprise Software, Software, Hardware, Nathan McFeters; Blog posts 2008-07-02
Sony PlayStation's site SQL injected, redirecting to rogue security software: The latest high trafficked web site to fall victim into the continuing waves of massive SQL injection attacks courtesy of copycats and the ASProx botnet, is Sony's PlayStation U.S site according to a recent post at SophosLabs's blog : "Researchers at IT security firm Sophos have warned lovers of...; Tags: Sony Corp., Domain, SQL, Sony Playstation, SQL Injection, Hacker, Programming Languages, Game Players, Databases, Security, Software Development, Software/Web Development, Consumer Electronics, Personal Technology, Enterprise Software, Software, Data Management, Dancho Danchev; Blog posts 2008-07-02

Researcher claims thousands of identities stolen during Social Engineering pentests: Kelly Jackson Higgins of Dark Reading, reported on research conducted by Joshua Perrymon, hacking director for PacketFocus Security Solutions and CEO of RedFlag Security, who has been performing social engineering exploits for numerous clients in the past year and has apparently stolen thousands of identities with a 100 percent success rate. ...; Tags: Social Engineering, Identity, Dark Reading Article, Identity Theft, Security, Nathan McFeters; Blog posts 2008-07-01
Apple plugs 25 Mac OS X security vulnerabilities: Apple has shipped another Mac OS X monster update to fix a total of 25 documented vulnerabilities that could lead to arbitrary code execution attacks. With Security Update 2008-004, Apple fixes code execution flaws in Launch Services, SMB File Server, System Configuration, VPN and WebKit. ...; Tags: Security, Apple Macintosh, Apple Inc., Arbitrary Code Execution, Small And Medium Business, Apache Tomcat, Application Termination, Apple Mac OS X, Apple Mac OS, Smb/Sme, Operating Systems, Software, Ryan Naraine; Blog posts 2008-06-30
Car makers are doing all they can, you and I are the problem: Car makers are doing all they can, you and I are the problem....Not buying it Harry. People didn't buy the more efficient vehicles because they were not marketed with the same "sexy" fervor as the larger and less efficient ones. That is a fact. Almost every car commercial or advertisement...; Tags: Manufacturing, I-told-you-so, Blame Game, big vehicle, efficient vehicle; Discussion threads 2008-06-18
Airport security part 3: Planes, trains, and automobiles: I took a trip home to Michigan this week via Amtrak, and I got to thinking about previous articles I've written about airline security and wondered why are the security concerns so much more lax for trains and cars than they are for planes? There's certainly some obvious...; Tags: Bottle, Airport Security, Security, Nathan McFeters; Blog posts 2008-06-15
Flash attack may as well have been zero-day: Guest Editorial by Dino Dai Zovi It has almost been a week since the Adobe Flash zero-day attack false alarm. Since then, a number of people have called Symantec out as being irresponsible for crying wolf and announcing the raising the ThreatCon without fully researching the vulnerability (Full...; Tags: Vulnerability, Attack, Flash, Security, Ryan Naraine; Blog posts 2008-06-03
ActiveX control bug bites Creative Labs AutoUpdate engine: A high-severity security flaw in the Creative Software automatic update engine could put Windows computers at risk of remote code execution attacks, according to a warning from the US-CERT Computer Emergency Readiness Team. The vulnerability affects the software used to provide updates to Creative Labs' audio/video entertainment product line,...; Tags: Webcam, Zen, Automatic Update, Blaster Worm, ActiveX Control, Creative Labs Inc., ActiveX Control Bug, Create Software AutoUpdate Engine ActiveX Control, ActiveX/COM/COM+/DCOM, Patches, Viruses And Worms, Security, Software Development, Software/Web Development, Ryan Naraine; Blog posts 2008-05-30
Michael Howard on SQL Injection and my concerns on the most recent attacks: So, in catching up with blogs after vacation, I went and had a peak at Michael Howard's web log, and was glad to see another post from him. His posts are very insightful I just wish he would post more. So, way back on May 16th (old news now, but still...; Tags: Web, SQL, SQL Injection, Attack, Michael Howard, SQL Payload, SDL, Programming Languages, Databases, Security, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Nathan McFeters; Blog posts 2008-05-29
Adobe Flash drive-by attacks redux: Adobe has finally issued an almost-definitive statement on the reports of a zero-day attack targeting its flagship Flash Player, suggesting kinda that the vulnerability is already patched. In a progress report posted to the official Adobe PSIRT blog, David Lenoe stops short of making definitive statements on...; Tags: Adobe Systems Inc., Vulnerability, Macromedia Flash Player, Malware, Attack, Malware Attack, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Ryan Naraine; Blog posts 2008-05-28
2008 Suzuki XL7 Limited: The 2008 Suzuki XL7 Limited is about as much crossover SUV as you can get for the money. Its ride quality and cabin materials might not be on a par with those of other models in the segment, but the XL7 Limited does pack an impressive payload of features--including one...; Tags: Suzuki XL7, pylon, display, camera, Suzuki XL7 Ltd., XL7 Ltd.; Product reviews 2008-05-23
North State Framework (zip): The North State Framework NSF is a .Net class library that provides a one-to-one mapping between UML State Machine diagram elements and library classes, so implementation is a direct translation of the design, making code creation a simple process. Together with NSF's built-in utility classes for threading, timers, and tracing,...; Tags: North State Software, North State Framework, C#, UML, .Net, Programming Languages, Application Servers, Middleware, Software Development, Software/Web Development, Ooa/Ood/Oop, Enterprise Software, Software; Software downloads 2008-05-23
Virtualization smackdown: Sun xVM VirtualBox 1.6 vs. VMWare Server 2.0 Beta 2: Once strictly the domain of software developers and QA engineers, personal and small-business virtualization products are now becoming an attractive solution for entry-level systems consolidation and foreign OS compatibility applications. These solutions run on host operating systems which do not require the overhead or usual high entry cost of professional...; Tags: Innotek VirtualBox, Version, Operating System, Sun Microsystems Inc., VMware Inc., Beta, Sun xVM VirtualBox 1.6 xVM VirtualBox, Linux Setup, VMWare Server 2.0 Beta 2 VMWare Server 2.0, VMWare 2.0, Linux, Virtualization, Storage Management, Utility Computing, Operating Systems, Open Source, Servers, Software, Hardware, Storage, Jason Perlow; Blog posts 2008-05-21
Novell GroupWise 'mailto' URI handler buffer overflow vulnerability: Researcher Juan Pablo Lopez Yacubian has reported another URI abuse exploit. From Security Focus: Novell GroupWise is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow an attacker to execute...; Tags: Novell Inc., Researcher, Vulnerability, Buffer-overflow, Novell GroupWise, E-mail Servers, E-mail Clients, Groupware, Viruses And Worms, Security, Enterprise Software, Software, Nathan McFeters; Blog posts 2008-04-29
Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers: There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS Internet Information Server, but has since been pointed out as simply a well thought out SQL Injection attack. For those of...; Tags: Developer, Password, Web Application, Server, SQL, Site, SQL Injection, Microsoft IIS Server, Attack, Programming Languages, Security, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Nathan McFeters; Blog posts 2008-04-28
Websense: UN, UK sites compromised by JavaScript injection: Websense: UN, UK sites compromised by JavaScript injectionNo, It's not just you.I've been noticing this trend for a couple of months now. Unfortunatly it's not only the .Gov sites that are getting hit. It appears however, that at least the .Gov sites are some of the few who are...; Tags: Scripting languages, JavaScript, UK Site, JavaScript injection, injection, Websense Inc.; Discussion threads 2008-04-23
Websense: UN, UK sites compromised by JavaScript injection: Websense on Tuesday said that the UN and UK government sites are being attacked in a mass JavaScript injection attack. According to Websense: Websense Security Labs has been tracking a recent development of the malicious JavaScript injection that compromised thousands of domains at the start of...; Tags: JavaScript, Injection, Websense Inc., Attack, Scripting Languages, Security, Software/Web Development, Web Development, Larry Dignan; Blog posts 2008-04-22