The application contains code that appears to be malicious in nature.
Extended Description
Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. Such code generally takes the form of a program that performs a useful service but exploits the rights of the program's user in a way the user does not intend.
Terminology Notes
The term "Trojan horse" was introduced by Dan Edwards and recorded by James Anderson [18] to characterize a particular computer security threat; it has been redefined many times [4,18-20].
Time of Introduction
Implementation
Common Consequences
Scope: Confidentiality, Integrity, Availability
Effect: Technical Impact: Execute unauthorized code or commands
Demonstrative Examples
Example 1
In the example below, a malicious developer has injected code to send credit card numbers to his email address.
Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker.