Backwards Unicode names hides malware and viruses

[Peaches]

Backwards Unicode names hides malware and viruses

Windows can handle right-to-left by default since Vista.

Source: Norman AV vendor Norman has discovered malware that camouflages its file name via special Unicode characters. For instance, they may show up as exe.importantdocument.doc in the email client or in Windows Explorer. However, an executable (EXE) file that will still be treated as such by the system, and launched when double-clicked, is hidden behind this file name.

Norman's virus analyst, Snorre Fagerland, says that this effect is caused by such Unicode characters as 0x202E (right-to-left override) and 0x202B (right-to-left embedding). When located in the right place, a file name such as cod.stnemucodtnatropmi.exe suddenly turns into some "important documents". The telltale "exe" at the beginning can be hidden further. For instance,

Read more here plus screenshots: http://www.h-online.com/security/news/item/Backwards-Unicode-names-hides-malware-and-viruses-1242114.html