[LINK] Google engineer finds British spyware on PCs and smartphones
Fernando Cassia
fcassia at gmail.com
Mon Sep 3 01:46:27 AEST 2012
On Sun, Sep 2, 2012 at 9:29 AM, Nicholas English <nik.english at gmail.com> wrote:
> said that their server had been broken into and that several
> demonstration copies of FinSpy had been stolen. However, analysts suspect
> that these were no demo copies.
https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/
These technical details are very interesting. I have to say, I had no
knowledge of a "right to left override" character and that, thanks to
the Windows shell's good design (sarcasm), it'd allow an exe to
masquerade as something else (like a .jpg) by flipping the characters in
a file name, so that someone.jpg.exe visually becomes someone.exe.jpg.
Scary!
FC
-----
The emails generally suggested that the attachments contained
political content of interest to pro-democracy activists and
dissidents. In order to disguise the nature of the attachments a
malicious usage of the "right-to-left override" (RLO) character was
employed. The RLO character (U+202e in unicode) controls the
positioning of characters in text containing characters flowing from
right to left, such as Arabic or Hebrew. The malware appears on a
victim’s desktop as “exe.Rajab1.jpg” (for example), along with the
default Windows icon for a picture file without thumbnail. But, when
the UTF-8 based filename is displayed in ANSI, the name is displayed
as “gpj.1bajaR.exe”. Believing that they are opening a harmless
“.jpg”, victims are instead tricked into running an executable “.exe”
file.
-----
The pics are self-explanatory...
FC
--
During times of Universal Deceit, telling the truth becomes a revolutionary act
- George Orwell
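The following is an added example, not part of the mailing-list post or of the Citizen Lab report it quotes. It shows, from the defender's side, how the RLO trick in the quoted text can be checked for: a filename is stored in logical order (what an ANSI-only display shows, e.g. "gpj.1bajaR.exe"), but a bidi-aware display draws the text after U+202E reversed, so the user sees "exe.Rajab1.jpg" while the OS still uses the real ".exe" extension. The sample filenames, the set of executable extensions, and the function names are assumptions constructed for this example; the `visual_form` helper only models the single-override case rather than the full Unicode bidi algorithm.

```python
import os
import unicodedata

# Unicode bidirectional control characters: they change how a string is drawn
# without changing its stored (logical) order. U+202E (RLO) is the one the
# quoted report describes; the others can be abused in the same way.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"  # embeddings, overrides, PDF
    "\u2066\u2067\u2068\u2069"        # isolates, PDI
)

# Extensions Windows runs on double-click (assumed set for this example).
EXECUTABLE_EXTENSIONS = frozenset(
    {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
)


def find_bidi_controls(name):
    """Return (index, Unicode name) for every bidi control character in name."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def real_extension(name):
    """The extension the OS actually uses: taken from the stored (logical)
    string with the control characters removed, not from what is displayed."""
    logical = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return os.path.splitext(logical)[1].lower()


def visual_form(name):
    """Approximate how a bidi-aware display draws a name containing one RLO:
    text before U+202E is drawn as is, text after it is drawn reversed until a
    POP DIRECTIONAL FORMATTING (U+202C) or the end of the string. This is a
    simplification of the Unicode bidi algorithm sufficient for the trick above."""
    if "\u202e" not in name:
        return name
    before, _, after = name.partition("\u202e")
    overridden, _, rest = after.partition("\u202c")
    return before + overridden[::-1] + rest


def assess(name):
    """Classify one filename and return the evidence a reviewer would want."""
    controls = find_bidi_controls(name)
    shown = visual_form(name)
    ext = real_extension(name)
    return {
        "stored": name.encode("unicode_escape").decode("ascii"),  # logical order, escapes visible
        "displayed_as": shown,
        "apparent_extension": os.path.splitext(shown)[1].lower(),
        "real_extension": ext,
        "bidi_controls": controls,
        "has_bidi": bool(controls),
        # Flag only when a control character hides an executable extension;
        # a control character on a .txt is odd but not this attack.
        "suspicious": bool(controls) and ext in EXECUTABLE_EXTENSIONS,
    }


def suspicious_names(names):
    """Return the subset of names that assess() flags as suspicious."""
    return [n for n in names if assess(n)["suspicious"]]


# Constructed sample filenames (not real attachments):
SAMPLE_NAMES = [
    "\u202egpj.1bajaR.exe",   # after the quoted report: displays as exe.Rajab1.jpg
    "someone.\u202egpj.exe",  # after FC's description: displays as someone.exe.jpg
    "holiday.jpg",            # benign, no control characters
    "\u202ecod.setoN.txt",    # control character present, but the real file is .txt
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        r = assess(n)
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} shown={r['displayed_as']!r} real_ext={r['real_extension']} "
              f"stored={r['stored']} controls={r['bidi_controls']}")
```

Run against a directory listing or a mail gateway's attachment names, the `suspicious` field is what you would alert on; `displayed_as` and `stored` side by side are what you would show an analyst, since the two strings look like different files but are the same bytes.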