Payload (computing)

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In computing, the payload is the part of the transmitted data that is the actual intended message. Payload does not include information sent with it such as headers or metadata, sometimes referred to as overhead data, sent solely to facilitate payload delivery.[1][2]

In computer security, payload refers to the part of malware which performs a malicious action.[3] In the analysis of malicious software such as worms, viruses and Trojans, it refers to the software's harmful results. Examples of payloads include data destruction, messages with insulting text or spurious e-mail messages sent to a large number of people.

Description[edit]

The term 'payload' is used to distinguish between the 'interesting' information in a chunk of data or similar, and the overhead to support it. It is borrowed from transportation, where it refers to the part of the load that 'pays': for example, a tanker truck may carry 20 tons of oil, but the fully loaded vehicle weighs much more than that - there's the vehicle itself, the driver, fuel, the tank, etc. It costs money to move all these, but the customer only cares about (and pays for) the oil, hence, 'pay-load'.

In programming, the most common usage of the term is in the context of message protocols, to differentiate the protocol overhead from the actual data. Take, for example, a JSON web service response that might look like this (formatted for readability):

{  
   "status":"OK",
   "data":{  
      "message":"Hello, world!"
   }
}

In this example, the string "Hello, world!" is the payload, the part that the recipient is interested in; the rest, while vital information, is protocol overhead.

Another notable use of the term is in malware. Malicious software usually has two objectives: spreading itself, and performing some kind of modification on the target system (delete files, compromise system security, call home, etc.). The spreading part is the overhead, while the code that does the actual evil-doing is the payload.

References[edit]

  1. ^ "Payload definition". Pcmag.com. 1994-12-01. Retrieved 2012-02-07. 
  2. ^ "Payload definition". Techterms.com. Retrieved 2012-02-07. 
  3. ^ "Payload definition". Securityfocus.com. Retrieved 2012-02-07.