Hackers flip filenames to create “safe” file extensions !!!

[INDRANIL]

Here goes the current security threat, Unicode feature misused to infect computers on a payment-per-install basis .

PRAGUE, Czech Republic, September 7, 2011 -- “What you see is not what you get,” thanks to a new wave of malware that misuses a special language display feature to trick people into opening supposedly “safe” files. The new exploit misuses features in Unicode – the computing industry’s standard for representing text – to mask executable malware as “safe” files with a .doc or .jpg extension. It has been named "Unitrix" by AVAST Software analysts.

The Unicode feature is designed to display alphabets written in a right-to-left schema such as Arabic or Hebrew and flips the displayed text after special hidden codes such as 0x202E (right-to-left override) are added to the file name. For example, the executable malware file ending with “gpj.exe” is displayed to the recipient as the more innocent sounding “photo_D18727_Collexe.jpg”.

Source: AVAST Virus Lab

The typical user just looks at the extension at the very end of the file name; for example, jpg for a photo. And that is where the danger is,” said Jindrich Kubec, head of the AVAST Virus Lab. “The only way a user can know this is an executable file is if they have some additional details displayed elsewhere on their computer or if a warning pops up when they try and execute the file.”

So keep your eyes open and stay safe . Have a nice time .

More & Source .

[Raymond]

This is a few months old technique... Now only Avast! posting this?
Moreover, there are some conditions to be met for Windows 7 in order to be vulnerable to this exploit.