{"id":7387,"date":"2015-08-03T06:51:04","date_gmt":"2015-08-02T22:51:04","guid":{"rendered":"http:\/\/staging.bankvaultonline.com\/?p=1180"},"modified":"2015-08-03T06:51:04","modified_gmt":"2015-08-02T22:51:04","slug":"stealth-attacks-renaming-file-names-and-extensions","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/stealth-attacks-renaming-file-names-and-extensions\/","title":{"rendered":"Stealth Attack Types: Renaming File Names and Extensions"},"content":{"rendered":"
Perhaps the oldest stealth hacking technique involves changing and altering file names and file extension types. The earliest examples took advantage of a major Microsoft Windows weakness whereby Windows would hide different types of file name extensions. This made it easier to send phishing bait that the user would readily click. <\/p>\n
For example, a hacker might send a file that is named: JenniferLawrenceNudePics.zip.exe<\/p>\n
Only, Microsoft Windows would remove the second extension type and display this file name as: <\/p>\n
JenniferLawrenceNudePics.zip<\/p>\n
Most computer users know well enough not to click on any executable file sent anonymously. But, without seeing the .exe, a substantial percentage of people will click on the .zip file name. (At least, those interested in Jennifer Lawrence.) <\/p>\n
Microsoft has since fixed most of the obvious, easy variants of this attack type. <\/p>\n
But, despite the fixes, this type of stealth attack is far from extinct. The growth of internationalized websites and content has led to a newer, more sophisticated form of file renaming that leverages how Unicode characters can change how a file name is displayed. For example, the Unicode character (U+202E) is called the \u2018Right to Left\u2019 override. Using it can fool certain systems into displaying a file actually named JenniferLawrenceNudeavi.exe as
\nJenniferLawrenceNude.avi<\/p>\n
To protect yourself from this type of attack, never click on any attached file sent to your email unless you know, with 100% certainty, from whom it came. And even then, that email may be coming from a colleague or friend whose system has been hijacked. <\/p>\n","protected":false},"excerpt":{"rendered":"
Perhaps the oldest stealth hacking technique involves changing and altering file names and file extension types. The earliest examples took advantage of a major Microsoft Windows weakness whereby Windows would hide different types of file name extensions. This made it easier to send phishing bait that the user would readily click. For example, a hacker […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[356,349],"tags":[64,430,431,48,423,428],"class_list":["post-7387","post","type-post","status-publish","format-standard","hentry","category-explainers","category-faqs","tag-cyber-crime","tag-file-extension-renaming","tag-file-renaming","tag-malware","tag-stealth-attack-types","tag-stealth-hacking-techniques"],"yoast_head":"\n