Thursday, April 20, 2017

Phishing with Unicode Domains

“Phishing with Unicode Domains” is an interesting phishing attack resurfaced last week by security researcher Xudong Zheng.
In this attack, a victim cannot tell that a site is fraudulent by checking the padlock (a valid SSL/TLS certificate) and the URL in the address bar: an affected browser renders the lookalike domain with the same glyphs as the real one, and a certificate for the lookalike domain is easy to obtain, because the CA validates control of that domain, not of the domain it imitates.

Punycode, the encoding used by Internationalized Domain Names (IDNs), makes it possible to register domains containing non-ASCII characters. It works by converting each domain label into an alternative form that uses only ASCII characters, marked with the "xn--" prefix. For example, the domain "xn--s7y.co" is equivalent to "短.co".
From a security perspective, Unicode domains can be problematic because many Unicode characters are visually indistinguishable from common ASCII characters in most fonts. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). To DNS, to the browser and to the certificate authority these are two unrelated domains; only the rendered glyphs match. This is known as a homograph attack.
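The following script is an added example, not code from the original post or from Xudong Zheng. It uses Python's built-in idna codec (an IDNA2003 implementation) to convert between the Unicode and "xn--" forms of the domains above, then runs two detection checks over the decoded labels: a mixed-script check (Latin and Cyrillic letters in one label, as in "аpple.com") and a whole-script confusable check that catches labels made entirely of Cyrillic lookalikes, which is what the all-Cyrillic proof-of-concept domain relies on and what a mixed-script check alone misses. The CONFUSABLES table is a small hand-picked subset of the Unicode confusables data and the PROTECTED brand list is a constructed placeholder; both are assumptions of this example.

```python
import unicodedata

# Constructed subset of the Unicode confusables table: Cyrillic letters whose
# glyphs are indistinguishable from Latin ones in most fonts (assumption: a
# real deployment would load the full confusables.txt from unicode.org).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0501": "d",  # CYRILLIC SMALL LETTER KOMI DE
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
}

# Hypothetical brand list a mail gateway or proxy wants to protect (assumption).
PROTECTED = {"apple", "google", "paypal"}


def to_punycode(domain: str) -> str:
    """Unicode domain -> ASCII 'xn--' form, one label at a time (IDNA ToASCII)."""
    return domain.encode("idna").decode("ascii")


def to_unicode(domain: str) -> str:
    """ASCII 'xn--' form -> Unicode, i.e. what an affected browser renders."""
    return domain.encode("ascii").decode("idna")


def script_of(ch: str):
    """Rough script name taken from the first word of the Unicode character
    name ('CYRILLIC', 'LATIN', 'CJK', ...). Digits and '-' are neutral."""
    if ch.isdigit() or ch == "-":
        return None
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def scripts_in(label: str) -> set:
    """Set of scripts used by the letters of one label."""
    return {s for s in map(script_of, label) if s is not None}


def skeleton(label: str) -> str:
    """Replace every known confusable with the Latin letter it resembles, so a
    lookalike label collapses onto the brand it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def analyse(domain: str) -> dict:
    """Decode a domain given in either form and report homograph indicators."""
    labels = domain.lower().split(".")
    unicode_form = to_unicode(domain) if any(l.startswith("xn--") for l in labels) else domain
    ascii_form = to_punycode(unicode_form)
    findings = []
    for label in unicode_form.split("."):
        scripts = scripts_in(label)
        # Check 1: letters from more than one script in a single label.
        if len(scripts) > 1:
            findings.append(f"mixed scripts in label '{label}': {sorted(scripts)}")
        # Check 2: the label is not the brand, but looks exactly like it.
        skel = skeleton(label)
        if skel != label and skel in PROTECTED:
            findings.append(f"label '{label}' is a confusable of protected brand '{skel}'")
    return {"unicode": unicode_form, "ascii": ascii_form, "findings": findings}


if __name__ == "__main__":
    # The mixed-script lookalike from the text, the all-Cyrillic label that
    # evades a mixed-script check, a legitimate IDN and the genuine domain.
    for d in ("xn--pple-43d.com", "\u0430\u0440\u0440\u04cf\u0435.com", "xn--s7y.co", "apple.com"):
        r = analyse(d)
        print(f"{r['unicode']:<14} {r['ascii']:<22} {r['findings'] or 'clean'}")
```

Running the script shows why the all-Cyrillic variant matters: "аpple.com" trips both checks, but a label spelled entirely in Cyrillic lookalikes has only one script and passes the mixed-script check, so only the skeleton comparison against a brand list flags it. The same skeleton approach also lets you test a candidate domain against your own organisation's names before an attacker registers it.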

Original article: https://www.xudongz.com/blog/2017/idn-phishing/
POC: https://www.xn--80ak6aa92e.com/
Background: https://en.wikipedia.org/wiki/IDN_homograph_attack