depler Posted May 8, 2017 Report Share Posted May 8, 2017 I've just downloaded torrent with one file in it - the formal name of file should be "123.avi.exe" (which is typical for viruses and trojans). Now, interesting thing is that name is encoded in UTF16-LE as following bytes: FFFE3100320033002E002D202E202D202E206900760061002E00650078006500 which gives us strange, partially reversed over ".exe" text (try to move cursor left-to-right and you will be surprised): 123.iva.exe But the bad part of all - is that utorrent showing non-suspicious ".avi" extension while when you double click it in GUI - it goes as as ".exe" and program runs. You can test it yourself by creating dummy file with the name I wrote above. Screenshots attached. Please fix this by preventing to run executables if it's name contains special characters (like Total Commander does). Link to comment Share on other sites More sharing options...
DreadWingKnight Posted May 9, 2017 Report Share Posted May 9, 2017 I will get it looked into. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.