Off Topic: Unicode Right-to-Left Override character used by malware
Here's an interesting thing for you security types to be aware of. Many of you probably are careful to screen attachment types to make sure that you don't unintentionally execute code that might be malicious.
Malware authors have discovered that by embedding a unicode control character in file names, they can cause the file name to read right-to-left (instead of the normal English left-to-right) and therefore obfuscate file extensions.
For example, "innocuous_cod.exe" could have the RLO character inserted after the underscore, and then it would read as "innocuous_exe.doc" (everything after the "_" is read right-to-left).
Here's a write-up with links to detected variants: https://blog.commtouch.com/cafe/malware/exe-read-backwards-spells-malware/
Comments
- Anonymous
September 14, 2011
The comment has been removed