Hackers flip characters to disguise malware

September 8, 2011 – 6:42 AM

Hackers are using a new trick to cloak malicious files by disguising their Windows file extensions to make them appear safe to download, a Czech security company warned today.

The exploit, dubbed “Unitrix” by Avast Software, abuses Unicode for right-to-left languages — such as Arabic or Hebrew — to mask Windows executable files (.exe) as innocuous graphic images (.jpg) or Word documents (.doc). Unicode is the computer industry standard for representing text with alpha-numeric codes.

The Unitrix exploit uses a hidden code (U+202E) that overrides right-to-left characters to display an executable file as something entirely different. Using that ploy, hackers can disguise a malicious file that ends with gpj.exe as a supposedly-safer photoD18727Coll exe.jpg by reversing the last six characters of the former.


You must be logged in to post a comment.