Clever malware authors have come up with a way to disguise malicious executable files as innocuous data types by writing the file name backwards.
On May 11, analysts at Norman ASA (anti-virus software vendor based in Sweden) published details of the exploit in this report:"The RTLO unicode hole — sequence manipulation as an attack vector".
The trick is accomplished by using Unicode control characters such as 0x202E (right-to-left override) and 0x202B (right-to-left embedding) to reverse the direction of the text in the middle of a filename, and may be used to camouflage filename extensions in email attachments and on the web. Additional information can be found here (PDF) and here.
Although the payload is likely to be targeted at users of Microsoft Windows operating systems (which rely on filename extensions to determine whether a binary is executable) the exploit works on any operating system which handles Unicode correctly. That means Linux and UNIX-based operating systems, including Mac OS X, will also be fooled into displaying a deceptive filename.