Unicode has a special character, U+202e, that tells computers to display the text that follows it in right-to-left order; this facility is used to write text in Arabic, Hebrew, and other right-to-left scripts. However, this can (and is) also used by malware creeps to disguise the names of the files they attach to their phishing emails. For example, the file "CORP_INVOICE_08.14.2011_Pr.phylexe.doc" is actually "CORP_INVOICE_08.14.2011_Pr.phyldoc.exe" (an executable file!) with a U+202e placed just before "doc."
This is apparently an old attack, but I've never seen it, and it's a really interesting example of the unintended consequences that arise when small, reasonable changes are introduced into complex systems like type-display technology.
Some email applications and services that block executable files from being included in messages also block .exe programs that are obfuscated with this technique, albeit occasionally with interesting results. I copied the program that powers the Windows command prompt (cmd.exe) and successfully renamed it so that it appears as “evilexe.doc” in Windows. When I tried to attach the file to an outgoing Gmail message, Google sent me the usual warning that it doesn’t allow executable files, but the warning message itself was backwards:
“evil ”cod.exe is an executable file. For security reasons, Gmail does not allow you to send “this type of file.
Unfortunately, many mail applications don’t or can’t reliably scan archived and zipped documents, and according to Commtouch and others, the malicious files manipulated in this way are indeed being spammed out within zip archives.
(via Command Line)
Adzerk, who serves ads for Bittorrent, Stackexchange, Reddit and other high-profile sites, will honor Do-Not-Track messages from readers’ browsers, and its ads will not be blocked by the major ad-blocking software.
James writes, “A blend of fact and fiction, players take on the role of an NSA agent tracking down the source of the leaks. They’ll discover the journalists involved, and the real messages sent by Snowden to them at the time.”
In contrast to yesterday’s post about the way the Internet is depicted in patent drawings, check out these photos of the Internet’s secret actual infrastructure.
SitePoint Premium is the ultimate e-learning library for web developers, designers, and digital professionals. Famous for their web development books written by industry leaders, they’ve expanded their content library to include in-depth video courses and short, handy screencasts partnering with A Book Apart and UX Mastery. Whatever you want to achieve in your web career, […]
Skip the technical jargon and get right to taking amazing, professional-quality photos with this complete training. The Hollywood Art Institute Photography Course includes 22 modules filled with tutorials on how to profit off of your photography, or simply capture your memories in the manner they deserve.Accredited by the Photography Education Accreditation CouncilDive into this 22 […]
Power up your gadgets in the most unexpected places with the extremely compact SolarJuice battery pack. SolarJuice charges up at home like your average battery pack, but also lets you add extra juice on-the-go using its built-in solar panel—so you’ll never be left unplugged from the digital world.4.5 Stars on Amazon!Simultaneously charges 2 devices at […]