Friday, January 28, 2011

Directly executable .txt?Yes!


I’m sure you know the good old trick with hidden extension, or multiple extensions, long file names, etc.. Today, we’re going to look at much more sophisticated way of confusing users. Did you think, that when you’ve got some file and clearly see, that the extension of this file is .txt, the file’s not directly executable? You were wrong.

How is it possible? It’s quite simple – thanks to UNICODE and its special characters. Namely the special character RLO (Start of right-to-left override).

6a00e5539a104188340148c690726c970c-800wi
Just take a file, name it “txt.exe”, insert the RLO character before it and.. the filename changes to “exe.txt”. However, it’s still executable file and the real extension is “.exe”. This could be definitely very confusing for users and also dangerous, so be careful and better scan your files (at least those downloaded from internet) before opening them.


Get more information about it @http://www.fileformat.info/info/unicode/char/202e/index.htm
You might also like:

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More