Last-minute paper reserve: Fragmented distribution attack

Anoirel Issa MessageLabs, Symantec

  download slides (PDF)

Through the years there has been a constant evolution of anti-virus evasion techniques. One of the latest trends that has been widely witnessed is process code injection.

However, a not previously and publicly disclosed technique may lead to some irreversible consequences: we call this technique the 'Fragmented Distribution Attack'.

An email with a simple attached image arrives in your mailbox from someone you might know, you double click and open it. As expected the image is displayed and nothing else happens. A system administrator might have noticed nothing suspicious from his system monitor logs. Everything looks fine as the anti-virus product and the firewall remain silent. No one would expect that under that silence, the computer is being compromised by a Fragmented Distribution Attack. This sounds like a fictional tale, but beware, this threat has been first seen by MessageLabs researchers as early as August 2008, and might be happening within your own networked systems.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.