Malicious data is data that, when introduced to a computer—usually by an operator unaware that he or she is doing so—will cause the computer to perform actions undesirable to the computer's owner. It often takes the form of input to a computer application such as a word-processing or spreadsheet program. It is thus distinguished from a malicious program such as a computer virus, compared to which malicious data is perhaps even more stealthy.
An example of malicious data at work is the Melissa "virus," which spread through the e-mail systems of the world on March 26, 1999. Though the media called Melissa a virus, this was a misnomer; rather, it was a case of malicious data wedded to a macro virus, or a virus that works by setting in motion an automatic sequence of actions within a software application. Melissa did not damage computers themselves, yet it produced a result undesirable to anyone but its creator. By taking advantage of a feature built into the Microsoft Word program, it sent itself to the first 50 addresses in the user's Outlook Express, an e-mail program also produced by Microsoft. Melissa, for which computer programmer David L. Smith was eventually charged, caused $80 million worth of damage, prima-rily in the form of lost productivity resulting from the shutdown of overloaded mailboxes.
In practice, malicious data is much like a malicious program, yet it is difficult to protect against malicious data using the methods typically used to circumvent malicious programs, such as file access control, firewalls, and the like. Malicious data has been used not simply for pranks such as Smith's, but to transfer funds out of the operator's financial accounts, and into those of the perpetrator. In this crime, the operator him-or herself is a participant, albeit an unwitting and unwilling one.
█ FURTHER READING:
Gelman, Robert B., and Stanton McCandlish. Protecting Yourself Online: The Definitive Resource on Safety, Freedom, and Privacy in Cyberspace. New York: Harper Edge, 1998.
Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. New York: John Wiley, 2000.
Schwartau, Winn. Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists, and Weapons of Mass Disruption. New York: Thunder's Mouth Press, 2000.
Mitchell, Russ, Richard Folkers, and Susan Gregory. "Why Melissa Is So Scary." U.S. News & World Report. (April 12, 1999): 34–36.
Sibert, W. Olin. Malicious Data and Computer Security. < http://home.earthlink.net/~wolfboy/ARCHIVE/GenSecure/maldata.htm > (April 3, 2003).