Main Menu

Login



Support Virus.Org

Help support Virus.Org by donating.
Donating allows us to keep this site free and pay the running costs of all our services.
International Domain Name Support Opens New Door for Phishers PDF Print E-mail
Written by Editor   
Monday, 07 February 2005 13:55
The International Domain Name (IDN) support in various browsers could allow attackers to spoof domain name URLs and SSL certs to dupe unsuspecting users into giving up potentially sensitive information. Back in December 2001 a paper was released by Evgeniy Gabrilovich and Alex Gontmakher discussing the The Homograph Attack, an attack that used Unicode URLs to spoof a website URL. Move forward to 2005, now Verisign championed International Domain Names (IDN) and IDN support is implemented within every recent gecko/khtml based browser with the only exception Internet Explorer, however there is a plug-in available for IE to implement it.

Those nice people at the Shmoo Group have come along and developed some up to date proof of concept for subverting IDNs as discussed in their advisory. At the time of publishing most of the Mozilla browsers, Safari, Omniweb and Opera are vulnerable to spoofing using IDN. If your using a Mozilla based browser it is possible by disabling IDN support to prevent possible spoofing attacks.

It shouldn’t be too long before the phishers pick up on this, so we are advising users to be very wary of links in emails. Remember most banks will NEVER email you to reset passwords, ask you to confirm details, etc., they will announce issues on their web site or send you a snail mail. If you suspect a potential attack, there are a couple of methods you can use to help determine if a URL is fake, you can copy the link and paste into notepad under Windows or some other similar tool on other operating systems, which would allow you to see the raw URL and view what character set the string is in. For SSL certs, if you view the details of the cert check the domain, if it is prefixed by the string xn- then the cert is for an IDN and you would be advised not to proceed.

Add this page to your favorite Social Bookmarking websites
Digg! Reddit! Del.icio.us! Google! Live! Facebook! Technorati! StumbleUpon! Yahoo!
Last Updated ( Thursday, 14 September 2006 23:19 )