Here's an interesting thing for you security types to be aware of. Many of you probably are careful to screen attachment types to make sure that you don't unintentionally execute code that might be malicious.
Malware authors have discovered that by embedding a unicode control character in file names, they can cause the file name to read right-to-left (instead of the normal English left-to-right) and therefore obfuscate file extensions.
For example, "innocuous_cod.exe" could have the RLO character inserted after the underscore, and then it would read as "innocuous_exe.doc" (everything after the "_" is read right-to-left).
Here's a write-up with links to detected variants: http://blog.commtouch.com/cafe/malware/exe-read-backwards-spells-malware/
It took me a while to get this to work. Any good e-mail filter should catch
them still, but this would be useful for hosted files, and possibly
files inside archived directories.
Here are some (Win) methods for inserting Unicode characters into text:
www.fileformat.info/.../enter_unicode.htm, to input
The codes for RLO are 202E (hex) and 8238 (dec) and for LRO they are 202D (hex) and 8237 (dec).
I've made a copy of cmd.exe on my Win 7 (64 bit) desktop, renamed it
as "This is my cod.exe" and pasted the override character just before
the "c" in "cod" so that it is rendered as "This is my exe.doc" (a
working string is below for you to copy/paste). The icon still showed
as a command-line executable on my desktop so if I were compiling my
own exe, I'd be sure to make it appear as a Word 2003 doc.
Here is the working string, the RLO character seems to be just after
the 'c' i.e. at the end of the line, but is actually just before the
'c' in the middle of the string:
This is my cod.exe