Hackers flip characters to disguise malware

September 8, 2011 – 6:42 AM

Hackers are using a new trick to cloak malicious files by disguising their Windows file extensions to make them appear safe to download, a Czech security company warned today.

The exploit, dubbed “Unitrix” by Avast Software, abuses Unicode for right-to-left languages — such as Arabic or Hebrew — to mask Windows executable files (.exe) as innocuous graphic images (.jpg) or Word documents (.doc). Unicode is the computer industry standard for representing text with alpha-numeric codes.

The Unitrix exploit uses a hidden control character (U+202E, the Unicode right-to-left override) that reverses the display order of the characters following it, so an executable file is shown as something entirely different. Using that ploy, hackers can disguise a malicious file that ends with "gpj.exe" as a supposedly safer "photoD18727Coll exe.jpg" by reversing the last six characters of the former.
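A defensive check for the trick described above, as an added example that is not from the article or from Avast: it flags filenames carrying bidirectional control characters and compares the extension the operating system acts on with the one a user would see. The function names, the executable-extension watch list and the sample filenames are assumptions made for illustration.

```python
import unicodedata
from pathlib import PurePath

# Unicode bidirectional controls that change display order without being visible.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the character named in the article
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}  # assumed watch list


def displayed_name(name):
    """Approximate the on-screen name: everything after U+202E is drawn reversed.

    Simplification: models a single override only, not the full Unicode
    bidirectional algorithm.
    """
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def inspect_filename(name):
    """Compare the extension the OS acts on with the one a user would see."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}"
                for c in name if c in BIDI_CONTROLS]
    real_ext = PurePath(name).suffix.lower()        # from the stored character order
    shown = displayed_name(name)
    shown_ext = PurePath(shown).suffix.lower()      # from the rendered order
    return {
        "bidi_controls": controls,
        "real_extension": real_ext,
        "displayed_as": shown,
        "displayed_extension": shown_ext,
        "masked_executable": bool(controls)
        and real_ext in EXECUTABLE_EXTS
        and shown_ext != real_ext,
    }


# Constructed sample names; the first is modelled on the article's example.
SAMPLES = ["photoD18727Coll" + RLO + "gpj.exe", "holiday.jpg", "setup.exe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), inspect_filename(sample))
```

The same comparison can be applied to attachment names at a mail gateway or to download logs, where the stored name still contains the invisible control character.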

Source:
http://www.networkworld.com/news/2011/090711-hackers-flip-characters-to-disguise-250579.html?source=nww_rss
