thiojoe 1 jaar geleden

This Insane Virus Trick Would Have Fooled Me | Watch Out!

This video explains how a special invisible Unicode character called a right-to-left override (RTLO) can be used to trick users into running malicious files, and how to protect yourself from it.

The RTLO reverses any text that comes after it, which can be used to make a file appear to be a spoof or hide the true filetype, even if viewing file extensions is enabled. For example, I show a file which appears to be a Word document, but it is actually an executable file. 


The Unicode code for the RTLO character is 202E and is normally used for languages that are read from right to left, however there are other similar Unicode characters besides that one. Even though the text appears reversed, it is still interpreted by the computer from left to right, meaning a malicious file could display any characters at the end of a filename and pretending that is the file extension, but the computer sees the true extension as if the text is not reversed.


This trick is not limited to .exe files and has been used in several real malware campaigns with other file types, such as .scr files and VBS scripts. Also importantly, the file icon can be changed to match the spoofed file type. As always, the best way to protect against this type of trick is to know about it. Never open or run any suspicious files, no matter how benign they may appear. And also verify the actual filetype before opening anything.

ThioJoe
thiojoe