Script Fragmentation Attack Could Allow Hackers to Dodge Anti-virus Detection
Security researcher Stephan Chenette opened up to eWEEK about a new Web attack vector that could potentially render desktop and gateway anti-virus products useless.
Chenette, manager of security research at Websense, calls the attack script fragmentation. Similar to TCP fragmentation attacks, it involves breaking down Web exploits into smaller pieces and distributing them in a synchronous manner to evade anti-malware signature detection.
"What this attack enables you to do is really get exploit code from the server into the browser memory and trigger the exploit," Chenette said. "Once you actually are able to trigger that exploit, you own that machine, so that means you can disable anti-virus, you can disable any protection mechanism after the fact."
The attack, which has not been seen in the wild by Websense, works on all the major browsers. Technically, however, it is not a browser vulnerability-it merely takes advantage of the way browsers work.