So there you have it, you have found a vulnerability in your system. What are the risks? A malicious person may use an exploit (if one exists) to compromise the system. An exploit is a piece of code that opens a door to the target. Once the door is opened, the attacker will send malicious code called a payload.
Let's take an example, the Trojan horse! Greek warriors wait patiently inside the Trojan horse before taking action.
Trojans who accept the offering: this is the vulnerability
getting the Trojan horse into the compound: that's the exploit
the warriors in the Trojan horse: this is the payload
A payload is a self-executing application that can self-activate. This code provides the attacker with unauthorized remote access to the target. From that point on, anything becomes possible and here are some typical examples of damage done:
- Data theft:
Allows extraction of sensitive data such as login credentials or bank details.
Allows surveillance of a company for the purpose of industrial espionage or an individual to set up blackmail.
- Deleting / modifying files:
Allows to change the behavior of a device (for a computer, disable the operating system for example or damage the boot process).
- Downloading new files:
Allows to install a much more harmful malware.
- Running tasks in the background:
Allows you to mine crypto-currencies for example.