Unicode functionality problems give hackers great opportunities

Sep 10, 2011 09:51 GMT

A new type of malware fools people into opening malicious programs disguised as images, music or documents.

The new threat uses features of Unicode to make .exe files appear to be harmless ones. Analysts have named this new exploit “Unitrix.”

A standard Unicode function, normally used to display alphabets in which the words are spelled from right to left, is misused by the malware to reverse the name of the file in the same way. After a special override code is added, a complete transformation occurs, turning something like cod.exe into exe.doc.

“The typical user just looks at the extension at the very end of the file name; for example, jpg for a photo. And that is where the danger is,” revealed Jindrich Kubec, head of the AVAST Virus Lab.

“The only way a user can know this is an executable file is if they have some additional details displayed elsewhere on their computer or if a warning pops up when they try and execute the file,” he also states.

The malicious tool seems to be aimed strictly at businesses, as on weekends the number of attacks drops under 5000, while on weekdays they peak at 25000, revealed a study performed by Avast.

The most commonly found Unitrix sample appears to be a malware downloader with connections to several URL addresses. These addresses serve as the source of commands for the downloader, which sends a request to one of them and obtains a reply telling it what to download and execute.

The best way for users to protect themselves against these types of threats is by verifying the suspicious attachment in a file manager application. By checking its properties, it can be determined if it's actually an executable and not a document, or whatever the hacker wants the victim to believe.

Updated anti-virus solutions should detect any possible threats, preventing the execution or at least posting a warning message.
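The file-name check described above can also be automated on a mail gateway or file share. The following Python sketch is an added example, not code from Avast or from the original article; the list of executable extensions and the sample file names are assumptions constructed for illustration. It compares the extension actually stored in a name with the one a user would see when the Unicode right-to-left override character (U+202E) is present.

```python
import os
import unicodedata

# Unicode bidirectional formatting characters that can change how a name is drawn
# (LRE, RLE, PDF, LRO, RLO, LRI, RLI, FSI, PDI, LRM, RLM).
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the character behind the reversed names
# Assumption: extensions treated as executable; adjust for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}


def real_extension(name):
    """Extension as the operating system sees it (stored order, controls removed)."""
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    return os.path.splitext(stripped)[1].lower()


def apparent_name(name):
    """Approximate the rendered name: text after an RLO is drawn reversed.
    Simplification: one unterminated RLO and plain ASCII text are assumed."""
    if RLO not in name:
        return "".join(c for c in name if c not in BIDI_CONTROLS)
    head, _, tail = name.partition(RLO)
    tail = "".join(c for c in tail if c not in BIDI_CONTROLS)
    return head + tail[::-1]


def inspect(name):
    """Report the hidden controls and the real versus displayed extension."""
    controls = [unicodedata.name(c, hex(ord(c))) for c in name if c in BIDI_CONTROLS]
    real = real_extension(name)
    shown = os.path.splitext(apparent_name(name))[1].lower()
    return {
        "controls": controls,
        "real_ext": real,
        "shown_ext": shown,
        "suspicious": bool(controls) and real in EXECUTABLE_EXTS,
    }


if __name__ == "__main__":
    # Constructed sample names; the first mirrors the cod.exe / exe.doc case above.
    for sample in ["\u202ecod.exe", "photo_\u202egpj.exe", "report.doc", "setup.exe"]:
        print(ascii(sample), "->", apparent_name(sample), inspect(sample))
```

A plain `setup.exe` is not flagged here because nothing is hidden in its name; the check targets only names whose displayed form differs from the stored one.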