Anoirel Issa MessageLabs, Symantec
Through the years there has been a constant evolution of anti-virus evasion techniques. One of the latest trends that has been widely witnessed is process code injection.
However, a technique that has not previously been publicly disclosed may lead to some irreversible consequences: we call this technique the 'Fragmented Distribution Attack'.
An email with a simple attached image arrives in your mailbox from someone you might know. You double-click and open it. As expected, the image is displayed and nothing else happens. A system administrator might have noticed nothing suspicious in the system monitor logs. Everything looks fine, as the anti-virus product and the firewall remain silent. No one would expect that under that silence, the computer is being compromised by a Fragmented Distribution Attack. This sounds like a fictional tale, but beware: this threat was first seen by MessageLabs researchers as early as August 2008, and might be happening within your own networked systems.