« previous next »
Pages: [1]   Go Down

Author Topic: MAC Malware with bidirectional unicode  (Read 866 times)

Offline gunug

  • TS Addict
  • *****
  • Posts: 6710
  • TS Palindrome
    • View Profile
MAC Malware with bidirectional unicode
« on: July 22, 2013, 11:58:37 AM »
I think if I saw things popping up with reversed characters I'd probably think something was up:

QUOTE
Right-to-left override (RLO) is a special character used in bi-directional text encoding system to mark the start of text that are to be displayed from right to left. It is commonly used by Windows malware such as Bredolab and the high-profile Mahdi trojan from last year to hide the real extension of executable files.

http://www.f-secure.com/weblog/archives/00002576.html
Logged
"If there really is no beer in heaven then maybe at least the
computers will work all of the time!"

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • *****
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
    • View Profile
    • Mid-South Weather
MAC Malware with bidirectional unicode
« Reply #1 on: July 22, 2013, 01:08:18 PM »
I'm assuming you're talking about this <F-Secure> blurb last week? As it points out, the purpose is to hide the true extension so they will open something that will then install some malware. Apple's Gatekeeper could even let this problem file through, without warning, if it had an Apple approved, developer signature. I think this is another reason to keep the entire file name/extension visible in Finder (Prefs->Advanced->Show all filename extensions). That way, you won't even have to depend on Gatekeeper to warn you, you can actually see the double extension text, even if it's not backwards! wink.gif "What you don't see can hurt you!"
Logged
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:
Pages: [1]   Go Up
« previous next »