
Windows 7 malware is camouflaged using unicode filename trickery

Also affects Windows Vista
Fri May 13 2011, 12:27

LONG SUFFERING Windows PC users have been warned about malware Trojans that camouflage malicious executable files using a fancy unicode trick.

Unicode is a computing industry standard that provides a unique number for every character you use, no matter what system you are using. Criminals have worked out how to abuse unicode so that part of a Windows filename is displayed reversed.

Security firm Norman found malicious email attachments that appeared on the surface to have filenames with standard alphabetical characters, with unicode-capable viewers seeing nothing out of the ordinary.

However, if you look at the file from a command prompt, it shows that the last bit of the filename has actually been reversed, and that this seemingly innocuous emailed file is actually an executable.

Norman tested other filenames, and found that the same unicode trick allowed files to hide the fact that they were executable in the email client Lotus Notes. The firm said that any filename could hide extensions like PDF and EXE using the trick.

The firm said that the issue only affects Windows Vista and Windows 7 users, as Windows XP users have to install support for right-to-left languages in order to be vulnerable.

Email clients other than Lotus Notes could also treat the issue differently, as some don't support unicode, while others are programmed to block executables even if the file's name doesn't display it as being executable.

Norman warned simply, "Do not rely on any file attachment or file on any device to be safe based on its file name." µ
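The trick described above rests on a Unicode directional formatting character (assumed here to be U+202E, RIGHT-TO-LEFT OVERRIDE, which is the usual mechanism and matches the article's note about right-to-left language support): everything after it is rendered backwards, so a file really ending in ".exe" can be shown as ending in ".pdf". The following is an added example, not code from the article or from Norman, of the check an email gateway or a user could apply: it reports any bidi control character in a name, approximates what a Unicode-aware viewer would show, and decides on the extension the operating system will actually act on rather than the one on screen. The sample attachment names are constructed.

```python
"""Detect bidi-override filename spoofing (added, illustrative example)."""
import unicodedata
from pathlib import PureWindowsPath

# Explicit directional formatting characters. U+202E (RLO) is the one the
# filename trick relies on; the others are flagged too, since none of them
# belongs in an ordinary attachment name.
BIDI_CONTROLS = {
    0x200E, 0x200F,                           # LRM, RLM
    0x202A, 0x202B, 0x202C, 0x202D, 0x202E,   # LRE, RLE, PDF, LRO, RLO
    0x2066, 0x2067, 0x2068, 0x2069,           # LRI, RLI, FSI, PDI
}

# Extensions Windows runs directly. Assumption: a short illustrative list,
# not an exhaustive one.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}


def find_bidi_controls(name):
    """Return (index, 'U+XXXX', Unicode name) for every bidi control in name."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c, "<unnamed>"))
            for i, c in enumerate(name) if ord(c) in BIDI_CONTROLS]


def real_extension(name):
    """The extension the OS acts on: text after the final dot, regardless of
    how the name is rendered on screen."""
    return PureWindowsPath(name).suffix.lower()


def approximate_display(name):
    """Approximate what a bidi-aware viewer shows: the run after an RLO, up to
    a POP DIRECTIONAL FORMATTING (U+202C) or end of string, appears reversed.
    This models only the simple case in the article, not the full Unicode
    bidirectional algorithm."""
    out = []
    i = 0
    while i < len(name):
        c = name[i]
        if c == "\u202e":
            end = name.find("\u202c", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1              # skip the closing PDF, if any
        elif ord(c) in BIDI_CONTROLS:
            i += 1                   # other controls are invisible; drop them
        else:
            out.append(c)
            i += 1
    return "".join(out)


def assess(name):
    """Summarise one attachment name for a filter or an analyst."""
    controls = find_bidi_controls(name)
    shown = approximate_display(name)
    real = real_extension(name)
    return {
        "name": name,
        "displayed_as": shown,
        "displayed_extension": real_extension(shown),
        "real_extension": real,
        "bidi_controls": controls,
        "suspicious": bool(controls),
        # The decision an executable filter should make: judge the real
        # extension, never the displayed one.
        "hides_executable": bool(controls) and real in EXECUTABLE_EXTENSIONS,
    }


def scan_attachments(names):
    """Return the assessments for every name that carries a bidi control."""
    return [a for a in (assess(n) for n in names) if a["suspicious"]]


# Constructed sample attachment names: one honest PDF, one spoofed executable
# that a Unicode-aware viewer would show as "reportexe.pdf".
SAMPLE_ATTACHMENTS = [
    "quarterly.pdf",
    "report\u202efdp.exe",
]

if __name__ == "__main__":
    for finding in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"shown as {finding['displayed_as']!r}, "
              f"real extension {finding['real_extension']}, "
              f"controls {finding['bidi_controls']}, "
              f"hides executable: {finding['hides_executable']}")
```

The point of `assess` returning both extensions is that the displayed one is only useful for explaining the finding to a user; the filter's decision (the `hides_executable` field) depends solely on the real extension, which is what a client such as Outlook's attachment blocker is effectively doing when it stops these files regardless of how the name renders.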


Comments
Yup

Outlook would catch this as it blocks executable files automatically. Sure, it might not LOOK executable to the user, but the extension filter is going to catch it.

posted by: Flunk, 15 May 2011
@W.-, Amen! I've had the...

...same problem posting here trying to use the less-than or greater-than characters only to see them showing up as HTML gobbledygook.

INQUIRER WEBMEISTER - ARE YOU LISTENING??

And another suggestion. Please add an edit box for the original poster to fix these f**kups as well as others. All your friends are doing it...why not join the party?

And BTW, does anybody know who the current INQ editor is? Paul Hales was the last editor I know of and he left back in June 2009. Why is this a secret?

posted by: Jimbo in Thailand, 14 May 2011
OFTLOATIH2YOU

Sigh, and ironically my comment to Robert gets mangled by theinq's primitive handling of removing brackets and partially replacing them with the HTML coding for greater-than and less-than signs. Oh, the irony.
Talk to your web developers, INQ; tell them it's 2011 and we should be able to handle that elegantly.

posted by: W.-, 13 May 2011
Amusing

Lol. Clever trick, and impressive of MS to code Windows so it's fooled by it. I can't believe W7 is apparently STILL not native unicode and its kludgy nature causes this sort of thing.

@Robert Carnegie, it names stuff blahblah<unicode doc.exe, which then sometimes is seen as blahblahexe.doc and other times as blahblah<unknown doc.exe, so those programs seeing it as .doc think it's not an exe, the rest think it is an .exe, and Bob's your evil uncle.

posted by: W.-, 13 May 2011
How 'bout releasing a patch?

How 'bout releasing a patch that will detect if the filename has that reversed bit trick, and refuse to download it if so?

posted by: kurkosdr, 13 May 2011
It never ends!

These bastards won't be happy until computers are completely unusable! Death is too good for malware writers. Hang them all!

posted by: CT, 13 May 2011
First to say it? (here anyway)

If you reverse "EXE", it spells -

No?

posted by: Robert Carnegie, 13 May 2011