
The ultimate phishing tactic?

Discussion in 'BlackHat Lounge' started by Ste Fishkin, Apr 18, 2017.

  1. Ste Fishkin

    Ste Fishkin BANNED BANNED

    Joined:
    May 14, 2011
    Messages:
    2,058
    Likes Received:
    8,215
    I saw this earlier:
    source: http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

    How awesome is that?

    I <3 Blackhat
     
    • Thanks Thanks x 17
  2. Society Girl

    Society Girl Guest Staff Member Moderator Jr. VIP

    Joined:
    Feb 20, 2014
    Messages:
    900
    Likes Received:
    681
    Occupation:
    Customer Support
    Location:
    London
    Very good. Very good indeed. Strange that Safari is just like "Nah".
     
  3. flippera

    flippera Registered Member

    Joined:
    Apr 18, 2017
    Messages:
    75
    Likes Received:
    10
    Gender:
    Female
    Damn, that's some next level
     
  4. elavmunretea

    elavmunretea Jr. VIP Jr. VIP

    Joined:
    May 14, 2016
    Messages:
    2,201
    Likes Received:
    2,934
    Home Page:
  5. archixet

    archixet Elite Member Premium Member

    Joined:
    Aug 23, 2013
    Messages:
    2,587
    Likes Received:
    573
    Gender:
    Male
    Occupation:
    Im a webcam model and a part-time bottle washer!!!
    That's some serious shit!
     
    • Thanks Thanks x 1
  6. FreshStart1Goal

    FreshStart1Goal Junior Member

    Joined:
    Jan 6, 2017
    Messages:
    136
    Likes Received:
    48
    Gender:
    Male
    I read this shit today and thought of posting it here but refrained thinking that people would really exploit this. Well.. :p btw fix is on the way
     
  7. Neon

    Neon Elite Member

    Joined:
    Nov 3, 2013
    Messages:
    3,171
    Likes Received:
    7,900
    Gender:
    Male
    Occupation:
    Traveling the world
    Good job Ste Phishkin !
     
    • Thanks Thanks x 8
  8. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    13,529
    Likes Received:
    12,173
    Occupation:
    MACHIN LURNIN
    Location:
    TUVALU
    Home Page:
    This is big.

    I've been noticing more and more spam from these xx--encoded domains. This is probably part of the reason. If I decoded the domains they'd probably read like some famous western brand....

    Thanks for the share.
     
    • Thanks Thanks x 1
  9. Brian Alexander

    Brian Alexander Regular Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    274
    Likes Received:
    158
    Gender:
    Male
    Damn, that's insane.
    Hell, I'd fall for that!
     
  10. Ste Fishkin

    Ste Fishkin BANNED BANNED

    Joined:
    May 14, 2011
    Messages:
    2,058
    Likes Received:
    8,215
     
    • Thanks Thanks x 6
  11. Nut-Nights

    Nut-Nights Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2013
    Messages:
    6,322
    Likes Received:
    3,831
    Location:
    Hell
    So basically we are fucked.
     
    • Thanks Thanks x 1
  12. littlewebdragon

    littlewebdragon Jr. VIP Jr. VIP

    Joined:
    Dec 30, 2007
    Messages:
    1,812
    Likes Received:
    1,195
    Occupation:
    Occupation
    Location:
    Location
    Sweet stuff. Kinda cute. :D It's good that BHW members are not that type of black hatters... Or are we? :rolleyes:
     
    • Thanks Thanks x 1
  13. christianbed

    christianbed Jr. VIP Jr. VIP

    Joined:
    Aug 17, 2011
    Messages:
    1,408
    Likes Received:
    923
    Location:
    alert("Make Money")
    Home Page:
    insane...good post
     
  14. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    418
    Likes Received:
    229
    Occupation:
    DevOps
    Location:
    Whimsyshire
    This exists since ages. I really thought it's pretty common for attacks, the phishing 101.

    Nothing prevents you if you're opening unsolicited emails with brain.exe shut down.
     
  15. Brian Alexander

    Brian Alexander Regular Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    274
    Likes Received:
    158
    Gender:
    Male
    So you knew "since ages" that if only foreign characters are used in a domain, major browsers would bypass converting them to punychars?

    Sure you did Einstein.

    If this is "Phishing 101" - then what do you teach in "Phishing 201"?
     
  16. Automation247

    Automation247 Regular Member

    Joined:
    Jan 21, 2014
    Messages:
    485
    Likes Received:
    172
    Gender:
    Male
    Occupation:
    Making some $$$
    Location:
    SPAMMING 24/7 FROM SOMEWHERE IN EUROPE
    Home Page:
    Don't worry guys, the Chrome browser already patched it in its next update version.

    If you use Mozilla, you can change some advanced settings and then you're safe.
     
  17. virtualpurity

    virtualpurity Jr. VIP Jr. VIP

    Joined:
    Nov 12, 2012
    Messages:
    991
    Likes Received:
    577
    Occupation:
    SEO, Hosting
    Location:
    /root
    Home Page:
    He is right, this has been around for a long time... Almost 90% of the malware around is using this method for hijacking user sessions or credentials..

    If you think this method is the most advanced one out there, then boy you got some reading to do...
     
  18. Brian Alexander

    Brian Alexander Regular Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    274
    Likes Received:
    158
    Gender:
    Male
    "Almost 90% malware" ?!?

    What are you smoking? That is COMPLETELY untrue.

    Also, I never said anything about this being the "most advanced one out there". I simply dismiss calling it "phishing 101".
     
  19. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,889
    Likes Received:
    8,753
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Learn something new every day, I guess.
    The trick can be old, and I used something similar for spoofing usernames, but I would have never thought about using it this way.

    Although if these domains arrive via email, the sender's email address would need to be spoofed too for maximum effect, otherwise it wouldn't work, at least not on me. :)
    Until there's no browser fix, it's a quite good prevention method, what's mentioned in the last few paragraphs of the article.
     
  20. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,790
    Likes Received:
    12,226
    Occupation:
    Potentate
    Location:
    Asuncion
    @Brian Alexander Read first, have an opinion later, chew a gum instead of talking during the in between period.

    The attack vector is 15 years old, it even says so explicitly on the exploit explanation page. What is new is this specific implementation's bypass over the browsers' defensive measures.
     
    • Thanks Thanks x 1
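
For defenders triaging the encoded domains mentioned in posts 8 and 15, the sketch below decodes each Punycode label and flags labels written entirely in Cyrillic letters that read as Latin text, the whole-script case the thread says browsers displayed undecoded. It is an added example, not part of the original thread; the lookalike table is a small illustrative subset, and the hostnames and function names are constructed for the example.

```python
import unicodedata

# Illustrative subset of Cyrillic letters that render like Latin ones; an
# assumption for this example, not the full Unicode confusables data (UTS #39).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
}

def decode_label(label):
    """Return the Unicode form of one DNS label; xn-- labels are Punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def letter_scripts(text):
    """Approximate each letter's script from the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_host(host):
    """Decode every label and report the non-ASCII ones a reviewer should look at."""
    findings = []
    for label in host.rstrip(".").split("."):
        text = decode_label(label)
        if text.isascii():
            continue
        found = letter_scripts(text)
        skeleton = "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in text)
        findings.append({
            "label": label,
            "unicode": text,
            "scripts": sorted(found),
            "mixed_script": len(found) > 1,
            # Every letter is Cyrillic, yet the label reads as plain Latin text.
            "whole_script_lookalike": found == {"CYRILLIC"} and skeleton.isascii(),
            "latin_skeleton": skeleton if skeleton.isascii() else None,
        })
    return findings

def to_punycode_host(unicode_label, tld="example"):
    """Build a constructed test hostname from a Unicode label."""
    return "xn--" + unicode_label.encode("punycode").decode("ascii") + "." + tld

# Constructed samples: an all-lookalike label and an ordinary Cyrillic word.
SAMPLES = [to_punycode_host("\u0441\u043e\u0441\u043e"),
           to_punycode_host("\u043f\u0440\u0438\u043c\u0435\u0440")]

if __name__ == "__main__":
    for host in SAMPLES:
        print(host, inspect_host(host))
```

A label flagged `whole_script_lookalike` is the one worth showing to a user or analyst in its raw `xn--` form; ordinary Cyrillic words and plain ASCII hosts are not flagged.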