Wednesday, October 13, 2010

Spammers use 'fake hyphen' to hide malicious URLs


Using the little-used and relatively unknown soft hyphen, spammers are pumping out malicious sites with domain names that bypass normal URL filtering methods.

Some browsers -- and it's not clear from Symantec's post which Web browsers are affected, other than Firefox 2 -- simply ignore soft hyphens (HTML entity &shy;) found in URLs. A spammer can then create a link that looks like the real deal, but isn't. Basically, this is just one more tool in the link-obfuscation toolbox -- as long as you don't follow random links in emails, you should still be safe!

I couldn't get the example on the Symantec post to work in any of my browsers (Chrome 6 and 7, Firefox 3.6, Internet Explorer 9, or Opera), so I doubt this will blow up into a major issue. Most spam arrives via email, however, so perhaps it's more prudent to consider the potential vulnerability of Outlook, Eudora, and Thunderbird -- you should still see the malformed URL once you click on a link, though.

One other problem, as pointed out by Symantec, is that this hack could be used to bypass virus and malware scanners that filter sites by their URL, rather than their content -- but if that's the case, you should just get a proper virus scanner.
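An added example (not from the original post or from Symantec): a link filter that decodes HTML entities and percent-escapes and strips soft hyphens (U+00AD) before blocklist matching, next to the raw-string match that the trick slips past. The blocklist, hostnames and sample markup are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

SOFT_HYPHEN = "\u00ad"
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed blocklist and message body; the example.test names are placeholders.
BLOCKLIST = {"malicious.example.test"}
SAMPLE_HTML = (
    '<a href="http://mali&shy;cious.example.test/offer">Offer</a>\n'
    '<a href="http://mal&#173;icious.exam&#xAD;ple.test/">Deal</a>\n'
    '<a href="http://mali%C2%ADcious.example.test/x">Prize</a>\n'
    '<a href="http://malicious.example.test/plain">Plain</a>\n'
    '<a href="http://be&shy;nign.example.test/">News</a>\n'
    '<a href="http://benign.example.test/">More news</a>\n'
)


def canonicalize(raw_href):
    """Decode entities and percent-escapes; return (url_without_shy, had_shy)."""
    decoded = unquote(html.unescape(raw_href))
    return decoded.replace(SOFT_HYPHEN, ""), SOFT_HYPHEN in decoded


def naive_is_blocked(raw_href):
    """Raw substring match, the kind of filter the soft hyphen defeats."""
    return any(host in raw_href for host in BLOCKLIST)


def scan(body):
    """Return [(raw_href, verdict)] for every link in an HTML body."""
    results = []
    for raw in HREF_RE.findall(body):
        url, hidden = canonicalize(raw)
        host = (urlsplit(url).hostname or "").lower()
        if host in BLOCKLIST:
            verdict = "blocked+obfuscated" if hidden else "blocked"
        else:
            # A soft hyphen inside a link target is worth flagging on its own.
            verdict = "suspicious" if hidden else "ok"
        results.append((raw, verdict))
    return results


if __name__ == "__main__":
    for raw, verdict in scan(SAMPLE_HTML):
        print(f"{verdict:20} naive_blocked={naive_is_blocked(raw)!s:5} {raw}")
```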

[via threatpost]

Spammers use 'fake hyphen' to hide malicious URLs originally appeared on Download Squad on Fri, 08 Oct 2010 06:42:00 EST.

Source: http://www.downloadsquad.com/2010/10/08/spammers-use-fake-hyphen-to-hide-malicious-urls/
