Never-before-seen "binary file posing as text file" malware

Jul 27, 2020

The second stage, dubbed "Emptyspace," is a text file that appears blank to browsers and text editors. However, opening it with a hex editor reveals a binary file that uses a clever encoding scheme of spaces, tabs, and new lines to create executable binary code. Mandiant admits it has never seen this technique used before.

So look out for empty looking text files!
 
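A defender-side check for the "empty looking text file" described in the post above, as an added example that is not part of the thread: it flags files that are non-trivially large yet contain nothing but spaces, tabs and line breaks. The 256-byte threshold, the two-symbol rule and all function names are assumptions; the page does not describe the encoding itself, so nothing is decoded.

```python
import os
import sys

WS = b" \t\r\n"   # the only bytes an "empty looking" text file contains
MIN_SIZE = 256    # assumed threshold: small blank files are usually harmless


def whitespace_profile(chunks):
    """Return (size, whitespace_only, distinct whitespace bytes seen)."""
    size, seen = 0, set()
    for chunk in chunks:
        size += len(chunk)
        if chunk.translate(None, WS):      # anything left is non-whitespace
            return size, False, seen
        seen.update(b for b in WS if b in chunk)
    return size, size > 0, seen


def is_suspicious(chunks, min_size=MIN_SIZE):
    """Large, whitespace-only, and using 2+ symbols (enough to carry data)."""
    size, blank, seen = whitespace_profile(chunks)
    return blank and size >= min_size and len(seen) >= 2


def read_chunks(path, chunk_size=65536):
    """Yield a file's bytes in chunks so large files are not loaded whole."""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            yield chunk


def scan_tree(root, min_size=MIN_SIZE):
    """Return sorted paths under root that look blank but are not small."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) >= min_size and is_suspicious(
                        read_chunks(path), min_size):
                    hits.append(path)
            except OSError:
                continue   # unreadable or vanished file
    return sorted(hits)


if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

A hit is a lead for triage rather than a verdict: padded config files and some generated output are also whitespace-only.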

mindless1

Diamond Member
Aug 11, 2001
Seems easily avoidable by not doing what you're not supposed to be doing anyway - don't launch questionable files from a questionable flash drive, then you never get the needed stage 1 malware to begin with.