The exploit, dubbed "Unitrix" by Avast Software, abuses Unicode for right-to-left languages -- such as Arabic or Hebrew -- to mask Windows executable files (.exe) as innocuous graphic images (.jpg) or Word documents (.doc).
Unicode is the computer industry standard for representing text with alpha-numeric codes.
The Unitrix exploit uses a hidden code (U+202E) that overrides right-to-left characters to display an executable file as something entirely different. Using that ploy, hackers can disguise a malicious file that ends with gpj.exe as a supposedly-safer photo_D18727_Coll exe.jpg by reversing the last six characters of the former.
"The typical user just looks at the extension at the very end of the file name; for example, .jpg for a photo. And that is where the danger is," said Jindrich Kubec, head of Avast's lab, in an email today. "The only way a user can know this is an executable file is if they have some additional details displayed elsewhere on their computer or if a warning pops up when they try and execute the file."
Microsoft's Internet Explorer 9 (IE9) uses a technology called to warn users of potentially-dangerous files downloaded from the Web.