[a_d_13]

Hello,

This is old news, but I found out that TrendMicro has blogged about malware using the Unicode right-to-left override character to make a file appear to be legitimate. Attached to this post is a RAR that contains two files. Firstly, an EXE that has been renamed to appear to be a JPG file, with the icon set to the default Windows image icon. The EXE is not malware - it simply shows a messagebox and then exits. I have added a TXT file that contains the name of the file, saved in Unicode. Open it in a hex editor to see what the raw encoding is.

If anyone has samples of malware that use this trick, please post them here.

Thanks,
--AD

[Meriadoc]

Sorry about bumping up older thread but I'm still playing catchup from time away.

Is this technique of reverting text,..as Trend said, 'commonly associated with spamming in the past' as was a way to get a file through spam filters by looking legitimate?

AD is that what you have done here? Just wanted to make sure I was thinking of the same thing.

edit: its okay, downloaded thanks, must be samples handy as this is straight forward and was popular.

[EP_X0FF]

Another one incident :D

Can we believe our eyes?