Backwards written Unicode hides malware and viruses!!!


Post by aguilarojo » 21 May 2011, 00:04

The webzine "The H Security" recently published a detailed article explaining how malware and viruses are embedded within a backward-written executable file which executes within Intel-based Linux, Windows and OS X systems! I suspect that this executable cannot be run within PowerPC systems for the same reasons that PowerPC systems cannot run Intel-based executables natively without emulation programs. In other words, if a PowerPC user shuts down or quits the emulation program allowing one to run Windows or other Intel-based programs, then that individual or institution cannot be infected by this strategy.

Here's the story!!!
Last edited by aguilarojo on 29 May 2012, 20:30, edited 3 times in total.

Everything on the Earth has a purpose.
Every disease an herb to cure it.
And every person has a mission.
This is the Indian Theory of Existence.
-- Morning Dove, Salish (1888-1936)

Re: Backwards written Unicode hides malware and viruses!!!

Post by NeoAmsterdam » 21 May 2011, 05:30

This is yet another reimplementation of the "hide the extension" vector. OS X and Linux implement UTF-8 and a UTF-8 bytestream is exceedingly unlikely to be confused for executable code - doubly so if the target is x86.

This lame exploit is correct Unicode functionality, not a Unicode vuln.

( :lol: ¿t! əsnqɐ ʇ,uɐɔ noʎ ɟ! əpoɔ!un s! pooɓ ʇɐɥʍ 'səp!səq)
shutdown -h now # Will the last person to leave please remember to turn off the lights?
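Added example, not part of either post above: a defender-side check for the "hide the extension" trick discussed in this thread, assuming it relies on Unicode bidirectional control characters such as U+202E (RIGHT-TO-LEFT OVERRIDE) inside a file name. The function names and sample file names are constructed for illustration, and `displayed_name` only approximates rendering (RLO/PDF reversal, not the full Unicode Bidirectional Algorithm).

```python
import os
import unicodedata

# Explicit bidi formatting characters: LRM, RLM, LRE, RLE, PDF, LRO, RLO, LRI, RLI, FSI, PDI
BIDI_CONTROLS = set("\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
RLO, PDF = "\u202e", "\u202c"


def displayed_name(name):
    """Approximate what a bidi-aware UI shows: text between RLO and PDF
    (or the end of the string) is drawn reversed. Assumption: simplified model."""
    out, run, in_rlo = [], [], False
    for ch in name:
        if ch == RLO and not in_rlo:
            in_rlo = True
        elif ch == PDF and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored in this sketch
        elif in_rlo:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))  # unterminated override runs to end of name
    return "".join(out)


def check_filename(name):
    """Compare the extension the OS acts on with the one a user would see."""
    controls = [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in name if c in BIDI_CONTROLS]
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(displayed_name(name))[1].lower()
    return {
        "name": name.encode("unicode_escape").decode("ascii"),  # safe to log
        "controls": controls,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "suspicious": bool(controls) and real_ext != shown_ext,
    }


# Constructed sample names, not taken from the article or the thread.
SAMPLES = ["report.pdf", "invoice\u202efdp.exe", "holiday\u202egpj.scr", "notes\u200f.txt"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(check_filename(s))
```

A name is flagged only when a control character is present and the visible extension differs from the real one, so a legitimately right-to-left file name with matching extensions is reported but not marked suspicious.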

