Unicode Filename Hacking

By Deane Barker on October 3, 2011

‘Right-to-Left Override’ Aids Email Attacks: The actual utility on this is limited since, on Windows at least, you need to change a registry value for this to work in filenames.  Still, a little scary and hella obscure.

The RLO character (U+202e in unicode) is designed to support languages that are written right to left, such as Arabic and Hebrew. The problem is that this override character also can be used to make a malicious file look innocuous.

[…] The malicious file, CORPINVOICE08.14.2011Pr.phyldoc.exe, was made to display as CORPINVOICE08.14.2011Pr.phylexe.doc by placing the unicode command for right to left override just before the “d” in “doc”.

Gadgetopia