Malware hiding behind backwards Unicode names

This article introduces backwards Unicode file names that hide malware and viruses. This principle can be used on every OS, such as Windows, Linux and Mac. I have chosen this topic because I think it can be very dangerous for everyone, even good IT specialists. I think that this topic is relevant to IT security, because your system can be infected by malware that is hard to recognize.

Norman, an anti-virus vendor, has discovered malware that camouflages its file name via special Unicode characters. For example, a file may show up as exe.importantdoc.pdf. However, an executable (EXE) file, which will be launched when double-clicked, is hidden behind this file name.

The offending Unicode characters are 0x202E – right-to-left override and 0x202B – right-to-left embedding. They coexist with their siblings 0x202D – left-to-right override and 0x202A – left-to-right embedding. These are general Unicode punctuation codes.

Examples:
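
As an added example (not from the original post or from Norman), the Python sketch below flags the four control characters listed above in a stored file name and compares the extension a user would read with the real one. The sample name, the extension list and the simplified rendering function are assumptions constructed for illustration.

```python
BIDI_CONTROLS = {
    "\u202a": "LRE",  # left-to-right embedding
    "\u202b": "RLE",  # right-to-left embedding
    "\u202d": "LRO",  # left-to-right override
    "\u202e": "RLO",  # right-to-left override
}
PDF = "\u202c"  # pop directional formatting: ends an embedding or override
# Assumption: extensions a Windows shell runs on double-click.
RUNNABLE = {"exe", "scr", "com", "bat", "cmd", "pif"}
# Constructed sample: a stored name that renders like the article's example.
SAMPLE = "\u202efdp.codtnatropmi.exe"


def approx_display(name):
    """Simplified rendering (not the full Unicode bidi algorithm):
    text after an RLO is shown reversed until PDF or end of name."""
    out, rest = [], name
    while "\u202e" in rest:
        head, _, rest = rest.partition("\u202e")
        seg, _, rest = rest.partition(PDF)
        out += [head, seg[::-1]]
    out.append(rest)
    return "".join(c for c in "".join(out) if c not in BIDI_CONTROLS and c != PDF)


def ext_of(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def inspect_name(name):
    """Report on a file name given in stored (logical) character order."""
    controls = [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    shown = approx_display(name)
    return {
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "displayed": shown,
        "controls": controls,
        "real_ext": ext_of(name),    # suffix of the stored name
        "shown_ext": ext_of(shown),  # suffix the user reads on screen
        "alert": bool(controls) and ext_of(name) in RUNNABLE,
    }


if __name__ == "__main__":
    for n in (SAMPLE, "report.pdf"):
        print(inspect_name(n))
```

Printing the `escaped` form instead of the raw name in logs and alerts keeps the control characters visible to whoever reviews them.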

Conclusion:

Users will therefore no longer be able to trust the file names that are displayed.

Reference:

http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole/
