1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The ultimate phishing tactic?

Discussion in 'BlackHat Lounge' started by Ste Fishkin, Apr 18, 2017.

  1. Ste Fishkin

    Ste Fishkin BANNED BANNED Jr. VIP

    Joined:
    May 14, 2011
    Messages:
    2,058
    Likes Received:
    5,008
    I saw this earlier:
    [​IMG]
    source: http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

    How awesome is that?

    I <3 Blackhat
     
    • Thanks Thanks x 17
  2. Society Girl

    Society Girl Moderator Staff Member Moderator Jr. VIP

    Joined:
    Feb 20, 2014
    Messages:
    458
    Likes Received:
    492
    Occupation:
    Customer Support
    Location:
    London
    Very good. Very good indeed. Strange that Safari is just like "Nah".
     
  3. flippera

    flippera Registered Member

    Joined:
    Apr 18, 2017
    Messages:
    75
    Likes Received:
    10
    Gender:
    Female
    damn thats some next level
     
  4. elavmunretea

    elavmunretea Elite Member

    Joined:
    May 14, 2016
    Messages:
    1,590
    Likes Received:
    2,147
    Home Page:
  5. archixet

    archixet Jr. VIP Jr. VIP

    Joined:
    Aug 23, 2013
    Messages:
    2,466
    Likes Received:
    462
    Gender:
    Male
    Occupation:
    Im a webcam model and a part-time bottle washer!!!
    thats some serious shit!
     
    • Thanks Thanks x 1
  6. FreshStart1Goal

    FreshStart1Goal Junior Member

    Joined:
    Jan 6, 2017
    Messages:
    125
    Likes Received:
    47
    Gender:
    Male
    I read this shit today and thought of posting it here but refrained thinking that people would really exploit this. Well.. :p btw fix is on the way
     
  7. Neon

    Neon Jr. VIP Jr. VIP

    Joined:
    Nov 3, 2013
    Messages:
    2,854
    Likes Received:
    6,914
    Gender:
    Male
    Occupation:
    Traveling the world
    Location:
    Berlin
    Good job Ste Phishkin !
     
    • Thanks Thanks x 8
  8. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,489
    Likes Received:
    11,189
    Occupation:
    CHEAP
    Location:
    DATASETS
    Home Page:
    This is big.

    I've been noticing more and more spam from these xx--encoded domains. This is probably part of the reason. If I decoded the domains they'd probably read like some famous western brand....

    Thanks for the share.
     
    • Thanks Thanks x 1
  9. Brian Alexander

    Brian Alexander Junior Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    180
    Likes Received:
    90
    Gender:
    Male
    Damn, that's insane.
    Hell, I'd fall for that!
     
  10. Ste Fishkin

    Ste Fishkin BANNED BANNED Jr. VIP

    Joined:
    May 14, 2011
    Messages:
    2,058
    Likes Received:
    5,008
     
    • Thanks Thanks x 3
  11. Nut-Nights

    Nut-Nights Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2013
    Messages:
    5,296
    Likes Received:
    3,375
    Location:
    Hell
    Home Page:
    So basically we are fucked.
     
    • Thanks Thanks x 1
  12. littlewebdragon

    littlewebdragon Jr. VIP Jr. VIP

    Joined:
    Dec 30, 2007
    Messages:
    1,708
    Likes Received:
    1,041
    Occupation:
    Occupation
    Location:
    Location
    Sweet stuff. Kinda cute. :D It's good that BHW members are not that type of black hatters... Or are we? :rolleyes:
     
    • Thanks Thanks x 1
  13. christianbed

    christianbed Jr. VIP Jr. VIP

    Joined:
    Aug 17, 2011
    Messages:
    1,403
    Likes Received:
    919
    Location:
    alert("Make Money")
    Home Page:
    insane...good post
     
  14. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    347
    Likes Received:
    192
    Occupation:
    DevOps
    Location:
    Whimsyshire
    this exists since ages. I really thought it's pretty common for attacks, the phishing 101

    nothing prevents you if you're opening unsolicited emails with brain.exe shut down
     
  15. Brian Alexander

    Brian Alexander Junior Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    180
    Likes Received:
    90
    Gender:
    Male
    So you knew "since ages" that if only foreign characters are used in a domain, major browsers would bypass converting them to punychars?

    Sure you did Einstein.

    If this is "Phishing 101" - then what do you teach in "Phishing 201"?
     
  16. Automation247

    Automation247 Regular Member

    Joined:
    Jan 21, 2014
    Messages:
    486
    Likes Received:
    169
    Gender:
    Male
    Occupation:
    Making some $$$
    Location:
    SPAMMING 24/7 FROM SOMEWHERE IN EUROPE
    Home Page:
    Don't worry guys, Chrome browser already patched it in his next update version.

    If you use Mozilla, you can change some advanced settings and then you're safe.
     
  17. virtualpurity

    virtualpurity Jr. VIP Jr. VIP

    Joined:
    Nov 12, 2012
    Messages:
    764
    Likes Received:
    442
    Occupation:
    SEO, Hosting
    Location:
    /root
    Home Page:
    He is right, this has been around for a long time... Almost 90% of the malware around is using this method for hijacking user sessions or credentials..

    If you think this method is the most advanced one out there than boy you got some reading to do...
     
  18. Brian Alexander

    Brian Alexander Junior Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    180
    Likes Received:
    90
    Gender:
    Male
    "Almost 90% malware" ?!?

    What are you smoking? That is COMPLETELY untrue.

    Also, I never said anything about this being the "most advanced one out there". I simply dismiss calling it "phishing 101".
     
  19. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,307
    Likes Received:
    8,272
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Learn something new every day i guess.
    The trick can be old, and i used something similar for spoofing usernames, but i would have never thought about using it this way.

    Although if these domains arrive via email, the sender's email address would need to be spoofed too for maximum effect, otherwise it wouldn't work, at least not on me. :)
    Until there's no browser fix, it's a quite good prevention method, what's mentioned in the last few paragraphs of the article.
     
  20. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,612
    Likes Received:
    11,243
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    @Brian Alexander Read first, have an opinion later, chew a gum instead of talking during the in between period.

    The attack vector is 15 years old, it even says it so explicitly on the exploit explanation page. What is new is this specific implementation's bypass over the browsers defensive measures.
     
    • Thanks Thanks x 1