Hackers Turn over File Characters for Camouflaging Their Malware
According to security analysts at Avast Software, a new attack exploits features of Unicode, the text-representation standard used across the computing industry, to disguise malicious executables so that they look like "secure" downloads with .jpg or .doc extensions. Avast calls it "Unitrix," MarketWatch reported in news dated September 7, 2011.
Unicode includes control codes created for displaying scripts that are read from right to left, such as Hebrew or Arabic. When a hidden control code such as the 'right-to-left override,' 0x202E, is inserted into a file's name, the text displayed after it is reversed. An instance of this is a malicious executable whose name ends with "gpj.exe" but shows up to the recipient as a rather innocuous-looking "photo_D18727_Collexe.jpg."
According to Jindrich Kubec, head of Avast Lab, the typical end user reading a file name merely glances at the extension at the end, such as .jpg, which represents an image file, and so ends up endangered. The only way he can recognize the file as an executable is if extra information is displayed elsewhere on his PC, or if an alert pops up when he attempts to run the file, Kubec adds. ComputerWorld published this on September 7, 2011.
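The check below shows how a mail gateway or file scanner could surface the "extra information" Kubec mentions by comparing the extension the operating system sees with the one a user would read. It is an added example, not Avast's code: the function names, the executable-extension list and the simplified rendering (only 0x202E and its terminator 0x202C are modelled) are assumptions, and the sample names are constructed from the article's example.

```python
import unicodedata

RLO, PDF = "\u202e", "\u202c"   # right-to-left override and its terminator
# Bidirectional control characters that have no place in a normal file name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e"
                    "\u2066\u2067\u2068\u2069\u200e\u200f\u061c")
# Assumed policy list of extensions treated as executable on Windows.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs"}

def extension(name):
    """Text after the last dot, in the order the characters are given."""
    _, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""

def displayed_name(name):
    """Approximate on-screen order: text under an RLO is shown reversed."""
    out, run, overriding = [], [], False
    for ch in name:
        if ch == RLO and not overriding:
            overriding = True
        elif ch == PDF and overriding:
            out.extend(reversed(run))
            run, overriding = [], False
        elif ch in BIDI_CONTROLS:
            continue                      # other controls are invisible
        elif overriding:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))             # an unterminated RLO runs to the end
    return "".join(out)

def inspect(name):
    """Report hidden controls and whether the visible extension is a disguise."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}"
                for c in name if c in BIDI_CONTROLS]
    shown = displayed_name(name)
    real, apparent = extension(name), extension(shown)
    return {"controls": controls, "displayed": shown,
            "real_ext": real, "apparent_ext": apparent,
            "suspicious": bool(controls) and real in EXECUTABLE_EXTS
                          and real != apparent}

# Constructed samples; the first reproduces the name described in the article.
SAMPLES = ["photo_D18727_Coll\u202egpj.exe", "holiday.jpg", "setup.exe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), inspect(sample))
```

A stricter policy is to quarantine any attachment whose name contains one of these control characters, whatever its extension.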
In August 2011, Avast Software's virus laboratory found that malware detections rose consistently, with the daily peak exceeding 25,000. And as per MarketWatch's news reported on September 7, 2011, Kubec states that the traffic trend and e-mail messages prove that the attacks clearly targeted profit-seeking enterprises. They were launched entirely on the work days of a week when malware identifications fell below 5,000 every day.
Meanwhile, the most common type of Unitrix file is a malware installer that links to many URL addresses, which subsequently work as C&C (command-and-control) centers. Kubec explains that, based on Avast's analysis of more than 50 samples, it appears to belong to a pay-per-installation network that can dispatch various malware to infected end users.
Nevertheless, Avast also found that Windows-based computers infected with the deceptively delivered Trojan belonged to a pay-per-install network hired out for loading other cyber-crooks' malicious software onto the systems.
» SPAMfighter News - 17-09-2011