Unicode has a special character, U+202e, that tells computers to display the text that follows it in right-to-left order; this facility is used to write text in Arabic, Hebrew, and other right-to-left scripts. However, this can (and is) also used by malware creeps to disguise the names of the files they attach to their phishing emails. For example, the file "CORP_INVOICE_08.14.2011_Pr.phylexe.doc" is actually "CORP_INVOICE_08.14.2011_Pr.phyldoc.exe" (an executable file!) with a U+202e placed just before "doc."
This is apparently an old attack, but I've never seen it, and it's a really interesting example of the unintended consequences that arise when small, reasonable changes are introduced into complex systems like type-display technology.
Some email applications and services that block executable files from being included in messages also block .exe programs that are obfuscated with this technique, albeit occasionally with interesting results. I copied the program that powers the Windows command prompt (cmd.exe) and successfully renamed it so that it appears as “evilexe.doc” in Windows. When I tried to attach the file to an outgoing Gmail message, Google sent me the usual warning that it doesn’t allow executable files, but the warning message itself was backwards:
“evil ”cod.exe is an executable file. For security reasons, Gmail does not allow you to send “this type of file.
Unfortunately, many mail applications don’t or can’t reliably scan archived and zipped documents, and according to Commtouch and others, the malicious files manipulated in this way are indeed being spammed out within zip archives.
(via Command Line)
On the one hand, if you let an untrusted stranger install hardware in your electronic device, you’re opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go […]
Businesses like Adobe Stock use large, visible watermarks to deter copyright infringement; a new paper presented by Google Researchers to the Computer Vision and Pattern Recognition shows that these watermarks can be reliably detected and undetectably erased by software.
Earlier this month, UK Home Secretary Amber Rudd idiotically insisted that “real people” don’t need encrypted messaging apps; but as foolish a statement as that was, there was a kernel of truth to it.
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]