This Special Char Can Really SCREW You: RLO (right-to-left override)
You might want to find out how
Windows users, did you know that an .exe
or .bat
file can look like a .jpg
or .png
file with the RLO
(right-to-left override) character?
Here are two examples:
A batch file like comment_space-vs-gnp.bat
could look like an innocent PNG image like -> comment_space-vs-tab.png
And an EXE like luxury_picture_delugpj.exe
could seem ingenuous as an JPG picture -> luxury_picture_deluexe.jpg
With an embedded icon the EXE would also look like a picture thumbnail.
How is this possible?
When renaming a file like luxury_picture_delugpj.exe
in Windows -> place the cursor where you want the rest of the file name to appear spelled backwards (like luxury_picture_delu[CURSOR-HERE]gpj.exe
) -> press the right mouse button -> select Insert Unicode control character (sounds dodgy already, right?) -> and hit RLO -> press ENTER / save the file name -> and it's DONE
The file name should now appear as in the 1st picture above: luxury_picture_deluexe.jpg
. However, it is in fact still the very same EXE.
So, how to avoid getting screwed by an innocent looking ransomware, you may ask?
Simply and as ever before: NEVER TRUST FILE EXTENSIONS!
Plus: Some antivirus solutions might flag such RLO files as suspicious - so you might check out if yours does so.