Spammers Using Soft Hyphen to Spoof URL’s FOR Web Pages
According to a recent trend spammers are exploiting little-used soft hyphen (a SHY character) to evade URL filtering devices. According to the security firm Symantec, spammers are larding up URLs for websites they endorse with the SHY character, which many web browsers overlook, as reported by Threat Post on 7TH October 2010.
The security firm further stated that this recent trend involves the use of an unclear character called "SHY" character to obscure malicious URLs in spam messages. Symantec stated that the company had noticed recent spam messages that embed the HTML symbol for the soft hyphen to spoof URLs for Web pages endorsed by the spammers.
The firm further added that, until now, they had seen the utilization of non-ASCII characters or certain special characters that were not seen in legal URLs to complicate the links or domains enclosed in spam messages. With such complication, content based anti-spam filters are not much effective against such variations, as reported by Infosecurity on October 8th 2010.
By making use of little and comparatively unknown soft hyphen, cybercriminals are rolling out malicious websites with domain names that evade normal URL filtering techniques.
According to security researchers, when cybercrooks make use of soft hyphens in a URL it can be formatted like this: www.imitation-site.com; but it will be furnished in the web browser like this: www.imitationsite.com. Users are only able to see what the web browser is furnishing. Thus, apart from evading URL filtering techniques that depend on text matching, the soft hyphen character can also be used for phishing attempts.
Meanwhile, Paul Roberts, IT security researcher at security firm Kaspersky stated a good news that more advanced content analysis technologies that don't depend on URL matching can spot the complication and stop the messages.
He further said that with the introduction of HTML 5 during the next few years and the web browsers that support it, many of such problems are expected to solve, as reported by infosecurity on 8th Oct. 2010.
Related article: Spammers Continue their Campaigns Successfully
» SPAMfighter News - 18-10-2010