Stealth Attack Types: Renaming File Names and Extensions

Home / Resources / Explainers / Stealth Attack Types: Renaming File Names and Extensions

Perhaps the oldest stealth hacking technique involves changing and altering file names and file extension types. The earliest examples took advantage of a major Microsoft Windows weakness whereby Windows would hide different types of file name extensions. This made it easier to send phishing bait that the user would readily click.

For example, a hacker might send a file that is named:

Only, Microsoft Windows would remove the second extension type and display this file name as:

Most computer users know well enough not to click on any executable file sent anonymously. But, without seeing the .exe a substantial percentage of people will click on the .zip file name. (At least, those interested in Jenninfer Lawrence.)

Microsoft has since fixed most of the obvious, easy variants of this attack type.

But, despite the fixes,this type of stealth attack type is far from extinct. The growth of internationalized websites and content has led to a newer, more sophisticated form of file renaming that leverages how Unicode characters can change the how a file name is displayed. For example, the Unicode character (U+202E) is called the ‘Right to Left’ override. Using it can fool certain systems into displaying a file actually named JenniferLawrenceNudeavi.exe AS

To protect yourself from this type of attack, never click on any attached file sent to your email unless you know, with 100% certainty, from whom it came. And even then, that email may be coming from a colleague or friend whose system has been hijacked.