This Insane Virus Trick Would Have Fooled Me - Watch Out!

Published 2023-02-16
I can't believe I didn't know about this until now 🤔


▼ Time Stamps: ▼
0:00 - Intro
0:54 - The RTLO Character
3:19 - Explaining the First Example
4:44 - Explaining the File Icon
5:18 - Ways to Spot It

This video explains how a special invisible Unicode character called the right-to-left override (RTLO) can be used to trick users into running malicious files, and how to protect yourself from it. The RTLO reverses the display of any text that comes after it, which can be used to spoof a filename or hide the true file type, even if viewing file extensions is enabled. For example, I show a file which appears to be a Word document but is actually an executable.

The Unicode code point for the RTLO character is U+202E. It is normally used for languages that are read from right to left, but there are other similar Unicode characters besides that one. Even though the text appears reversed, the computer still interprets it from left to right, meaning a malicious file could display any characters at the end of a filename and pretend that is the file extension, while the computer sees the true extension as if the text were not reversed.

This trick is not limited to .exe files and has been used in several real malware campaigns with other file types, such as .scr files and VBS scripts. Also importantly, the file icon can be changed to match the spoofed file type. As always, the best way to protect against this type of trick is to know about it. Never open or run any suspicious file, no matter how benign it may appear, and verify the actual file type before opening anything.
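The detection logic described here, as an added example that is not part of the video: it flags Unicode bidi control characters (U+202E and its siblings) in filenames, reports the extension the operating system really uses, and approximates the rendered name for the single-RTLO case. The sample filenames are constructed for illustration; the nested example mirrors the one in the comments below.

```python
import os
import unicodedata

# Unicode bidirectional controls that can reorder displayed text. U+202E is the
# RTLO from the video; the others are its siblings (embeddings, isolates, marks, pop).
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"   # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"         # LRI, RLI, FSI, PDI
    "\u200e\u200f\u061c"               # LRM, RLM, ALM
)

def find_bidi_controls(name):
    """List (index, 'U+XXXX', Unicode name) for every bidi control in name."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c, "?"))
            for i, c in enumerate(name) if c in BIDI_CONTROLS]

def true_extension(name):
    """Extension the OS really uses: text after the last '.', ignoring bidi controls."""
    cleaned = "".join(c for c in name if c not in BIDI_CONTROLS)
    return os.path.splitext(cleaned)[1].lower()

def displayed_name(name):
    """Approximate rendering for the single-RTLO case: text after U+202E shows reversed.
    Returns None for other or nested overrides, which need the full bidi algorithm."""
    controls = find_bidi_controls(name)
    if not controls:
        return name
    if len(controls) != 1 or controls[0][1] != "U+202E":
        return None
    head, _, tail = name.partition("\u202e")
    return head + tail[::-1]

def scan(names):
    """Return (name, true extension, controls) for every name carrying a bidi control."""
    return [(n, true_extension(n), find_bidi_controls(n))
            for n in names if find_bidi_controls(n)]

# Constructed sample filenames (not taken from any real campaign).
SAMPLE_NAMES = [
    "report.docx",                       # harmless
    "Test\u202excod.exe",                # renders as Testexe.docx, really .exe
    "character_a\u202excod.scr",         # renders as character_arcs.docx, really .scr
    "\u202etxt.sevituc\u202d.exe",       # nested RLO/LRO, renders as .executives.txt
]

if __name__ == "__main__":
    for name, ext, controls in scan(SAMPLE_NAMES):
        shown = displayed_name(name) or "(needs full bidi algorithm)"
        print(f"{shown!r} is really {ext}; controls at {controls}")
```

Running `scan` over a Downloads folder listing (`os.listdir`) turns this into a quick check that no filename contains a direction override at all, which is simpler than predicting how each one renders.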


All Comments (21)
  • @ThioJoe
    Big bruh moment. I'll also emphasize the point I make at 3:49 in case people comment before watching that long - There doesn't have to be 2 periods in the filename, so "Test.exe.docx" could very well just be "Testexe.docx" - I put the other period there to make it easier to show the real file extension. So it might not be very obvious at all that this trick is used, depending on the real file extension and how they name it. For example, "arcs.docx" could really be a .scr file and the filename might not be suspicious, especially depending on the context, like naming it "character_arcs.docx" or something. There are tons of potentially malicious / exploitable filetypes out there that could be used.
  • @stage6fan475
    I worked professionally on computers since Win 3.1, read everything religiously and never heard of anything close to this. Stunning.
  • @DoctorNemmo
    I still don't understand why Microsoft had ever chosen to hide file extensions as a default. It's the first thing I fix when I install Windows. In this case it's not the same cause, but having file extensions enabled helps.
  • @KangJangkrik
    Fun fact: In the old days of YouTube, you could put RTLO in your username. So when somebody attempted to mention you, they probably got confused and accused you of being a witch.
  • AV software COULD scan for these "control" type characters within file names. Seems like an obvious thing to scan for.
  • @Lupinicus1664
    As a security professional and having been in IT over 40 years I am also surprised that I hadn't come across this before too. Very informative, thank you.
  • @theaninova
    Here's the crazy part: you can nest the overrides. You can move the extension to the beginning and mask it as a file that has a . to appear at the top... [RTL]txt.sevituc[LTR].exe will appear as .executives.txt
  • 1:20 There's a faster way if you already know the character's Unicode number. Type 202E into Notepad (or anywhere else) and press Alt + X. This will convert it to the Unicode character. If you hit Alt + X again it will revert it back. Although the "reverting to number" part doesn't work for letters from A to F because they can already be considered to be hexadecimal numbers.
  • @Amonimus
    I think the simplest trick is to just right-click and check Properties, as it tells you it's an executable. Or hovering over it.
  • @LonelyAncient
    Another simple way to spot it is to use Details view. It shows the extension correctly there.
  • @HazexDimond
    Insane this is allowed to happen, man. Keeping folder view on Details & showing "Type" off to the right as a column might help; I usually glance at that to be sure of what I'm clicking on.
  • @Exachad
    Just make sure your Downloads folder's view style is set to Details mode. That way, you can see what type of file it is from the Type column. People should do this by default for a couple of reasons, anyway. First, some file names are too long to see the extension by default, so this is actually even easier. Second, the Downloads folder is usually way too disorganised to have large chunky icons like a Desktop. Third, the "Details" view has way more useful information like the Date Modified time stamp and size for easy location of files and deleting large files. I'm pretty sure Windows already sets the Downloads folder this way by default, anyway.
  • @Terraphice
    I will say, Windows Defender/Security does detect this if you try and spoof another extension. That can be gotten around with spaces in the file name, Cyrillic characters/other look-alike characters, etc; but... it does at least try to stop this from harming you most of the time.
  • @pchris6662
    I've been working with PCs since the stone ages of DOS and I suspected something like this was behind some of the weird attachments I've seen, but didn't get it until your vid. Thx. I've been raging at Microsoft for years for hiding file extensions and not just forcing users to understand what they are and how they work. It's a simple concept and there's no reason any PC user couldn't learn it, but when you try to make things idiot proof, all you do is turn your users into idiots because they never learn the basics. Today I see so many users that don't know the difference between a shortcut, a folder, and a zip archive because they have all been confusingly glossed over and never taught to users. Good vid! I recommend!
  • 10/10 The IT department footage is the most accurate depiction of what we do that I've ever seen in my entire life.
  • @theAcum
    Windows should really, really implement a special icon that indicates a file is an executable, like how shortcuts have an arrow on the bottom right.
  • @-DeeKay-
    Wow, that's rad. I work in the IT industry and actually have good knowledge. But this was completely new to me that there are Unicode characters with this effect. Thanks for the education! So many won't know that, let alone non-IT people out there.
  • @BandenIndarys
    This is one of the reasons why you should always disable "Hide extensions for known file types" in Folder Options.
  • As an IT admin, I always use Windows Sandbox to open files that I don't trust or generally download from the internet from an untrusted source! : )
  • Yeah, this is a very old trick. Most people are not aware of this. I have used this trick for saving certain things and then renaming them when I needed them. Yes, viruses can hide in there, but there are ways that you can find them too, or even prevent this from happening. Great video.