Samiksha Jaiswal (Editor)

Fragmented distribution attack


A fragmented distribution attack, in computer security, is a malware or virus distribution technique that aims to bypass protection systems by sending fragments of code over the network.

This technique was first described in a paper published at the Virus Bulletin 2009 annual conference by Anoirel Issa, a malware analyst for Symantec Hosted Services, formerly MessageLabs.

Method of attack

A piece of malware is split into several fragments, which are embedded in an innocent file, and these segments are sent over a protected network. The fragmented malware successfully bypasses firewalls, IDS and anti-virus undetected, and is then re-assembled on the victim's system. The re-assembler is a separate program, which is not necessarily malware itself and can therefore evade security measures; it locates the malware fragment carriers and pre-assembles the malware in memory. The re-assembler may write the code to disk, and then executes the re-assembled code either in memory or on disk.
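The detection gap described above, and a check placed at the point of re-assembly, shown as an added example that is not from the original paper or page. The marker string, function names and sample fragments are constructed for illustration; the scanner assumes fragments are appended to one output in order.

```python
# Constructed, harmless marker standing in for a byte signature (assumption).
SIGNATURE = b"FDA-DEMO-MARKER-0001"


def scan_object(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Gateway-style check: each transferred object is inspected on its own."""
    return signature in data


class SinkScanner:
    """Scans bytes as they are appended to one output (memory buffer or file).

    The last len(signature) - 1 bytes are carried over between writes, so a
    signature that straddles a write boundary is still matched.
    """

    def __init__(self, signature: bytes = SIGNATURE):
        self.signature = signature
        self.tail = b""   # carried-over bytes from earlier writes
        self.offset = 0   # total bytes seen so far
        self.hits = []    # absolute offsets of matches in the output

    def write(self, chunk: bytes) -> None:
        window = self.tail + chunk
        base = self.offset - len(self.tail)  # absolute offset of window[0]
        pos = window.find(self.signature)
        while pos != -1:
            self.hits.append(base + pos)
            pos = window.find(self.signature, pos + 1)
        self.offset += len(chunk)
        keep = len(self.signature) - 1
        self.tail = window[-keep:] if keep else b""


def demo():
    # Constructed sample: the marker split across three pieces, as it would
    # be when spread over separate carriers.
    fragments = [b"\x00" * 7 + SIGNATURE[:6], SIGNATURE[6:13],
                 SIGNATURE[13:] + b"tail"]
    per_object = [scan_object(f) for f in fragments]
    sink = SinkScanner()
    for f in fragments:
        sink.write(f)
    return per_object, sink.hits


if __name__ == "__main__":
    print(demo())
```

Each fragment passes the per-object check, while the scanner watching the re-assembled output reports the marker at its absolute offset.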

Consequences

If successfully achieved, an FDA attack can have serious consequences, depending on the victim's level of protection. The consequences are not easily predictable but can lead to:

  • Data, intellectual property leakage
  • Government, military, industrial espionage
  • Irreversible financial losses