Last-minute paper reserve: Fragmented distribution attack

Anoirel Issa MessageLabs, Symantec

Through the years there has been a constant evolution of anti-virus evasion techniques. One of the latest trends that has been widely witnessed is process code injection.

However, a technique that has not previously been publicly disclosed may lead to some irreversible consequences: we call this technique the 'Fragmented Distribution Attack'.

An email with a simple attached image arrives in your mailbox from someone you might know. You double-click and open it. As expected, the image is displayed and nothing else happens. A system administrator might have noticed nothing suspicious in his system monitor logs. Everything looks fine, as the anti-virus product and the firewall remain silent. No one would expect that under that silence, the computer is being compromised by a Fragmented Distribution Attack. This sounds like a fictional tale, but beware: this threat was first seen by MessageLabs researchers as early as August 2008, and might be happening within your own networked systems.
