A descoberta de novos ataques ou vulnerabilidades é sempre um marco importante em segurança. Este parece uma variante de uma ideia antiga, mas aparece num contexto novo (tanto quanto sei): scripts em aplicações web.
Artigo na eWeek.com: Script Fragmentation Attack Could Allow Hackers to Dodge Anti-virus Detection
Security researcher Stephan Chenette opened up to eWEEK about a new Web attack vector that could potentially render desktop and gateway anti-virus products useless. (...) Similar to TCP fragmentation attacks, it involves breaking down Web exploits into smaller pieces and distributing them in a synchronous manner to evade anti-malware signature detection.
"What this attack enables you to do is really get exploit code from the server into the browser memory and trigger the exploit (...) Once you actually are able to trigger that exploit, you own that machine, so that means you can disable anti-virus, you can disable any protection mechanism after the fact."
The attack (...) has not been seen in the wild (...) works on all the major browsers (...) however, it is not a browser vulnerability—it merely takes advantage of the way browsers work.