1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The ultimate phishing tactic?

Discussion in 'BlackHat Lounge' started by Ste Fishkin, Apr 18, 2017.

  1. Ste Fishkin

    Ste Fishkin BANNED BANNED

    Joined:
    May 14, 2011
    Messages:
    2,058
    Likes Received:
    8,214
    I saw this earlier:
    [​IMG]
    source: http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

    How awesome is that?

    I <3 Blackhat
     
    • Thanks Thanks x 17
  2. Society Girl

    Society Girl Marketplace Mod Staff Member Moderator Jr. VIP

    Joined:
    Feb 20, 2014
    Messages:
    657
    Likes Received:
    556
    Occupation:
    Customer Support
    Location:
    London
    Very good. Very good indeed. Strange that Safari is just like "Nah".
     
  3. flippera

    flippera Registered Member

    Joined:
    Apr 18, 2017
    Messages:
    75
    Likes Received:
    10
    Gender:
    Female
    damn thats some next level
     
  4. elavmunretea

    elavmunretea Elite Member

    Joined:
    May 14, 2016
    Messages:
    1,736
    Likes Received:
    2,327
    Home Page:
  5. archixet

    archixet Jr. VIP Jr. VIP

    Joined:
    Aug 23, 2013
    Messages:
    2,520
    Likes Received:
    506
    Gender:
    Male
    Occupation:
    Im a webcam model and a part-time bottle washer!!!
    thats some serious shit!
     
    • Thanks Thanks x 1
  6. FreshStart1Goal

    FreshStart1Goal Junior Member

    Joined:
    Jan 6, 2017
    Messages:
    128
    Likes Received:
    47
    Gender:
    Male
    I read this shit today and thought of posting it here but refrained thinking that people would really exploit this. Well.. :p btw fix is on the way
     
  7. Neon

    Neon BANNED BANNED Jr. VIP

    Joined:
    Nov 3, 2013
    Messages:
    3,107
    Likes Received:
    7,706
    Gender:
    Male
    Good job Ste Phishkin !
     
    • Thanks Thanks x 8
  8. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,791
    Likes Received:
    11,439
    Occupation:
    COINZ
    Location:
    BUYAH
    Home Page:
    This is big.

    I've been noticing more and more spam from these xx--encoded domains. This is probably part of the reason. If I decoded the domains they'd probably read like some famous western brand....

    Thanks for the share.
     
    • Thanks Thanks x 1
  9. Brian Alexander

    Brian Alexander Regular Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    205
    Likes Received:
    116
    Gender:
    Male
    Damn, that's insane.
    Hell, I'd fall for that!
     
  10. Ste Fishkin

    Ste Fishkin BANNED BANNED

    Joined:
    May 14, 2011
    Messages:
    2,058
    Likes Received:
    8,214
     
    • Thanks Thanks x 6
  11. Nut-Nights

    Nut-Nights Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2013
    Messages:
    5,641
    Likes Received:
    3,531
    Location:
    Hell
    Home Page:
    So basically we are fucked.
     
    • Thanks Thanks x 1
  12. littlewebdragon

    littlewebdragon Jr. VIP Jr. VIP

    Joined:
    Dec 30, 2007
    Messages:
    1,762
    Likes Received:
    1,163
    Occupation:
    Occupation
    Location:
    Location
    Sweet stuff. Kinda cute. :D It's good that BHW members are not that type of black hatters... Or are we? :rolleyes:
     
    • Thanks Thanks x 1
  13. christianbed

    christianbed Jr. VIP Jr. VIP

    Joined:
    Aug 17, 2011
    Messages:
    1,405
    Likes Received:
    919
    Location:
    alert("Make Money")
    Home Page:
    insane...good post
     
  14. RightFootFanatic

    RightFootFanatic Regular Member

    Joined:
    May 31, 2015
    Messages:
    388
    Likes Received:
    216
    Occupation:
    DevOps
    Location:
    Whimsyshire
    this exists since ages. I really thought it's pretty common for attacks, the phishing 101

    nothing prevents you if you're opening unsolicited emails with brain.exe shut down
     
  15. Brian Alexander

    Brian Alexander Regular Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    205
    Likes Received:
    116
    Gender:
    Male
    So you knew "since ages" that if only foreign characters are used in a domain, major browsers would bypass converting them to punychars?

    Sure you did Einstein.

    If this is "Phishing 101" - then what do you teach in "Phishing 201"?
     
  16. Automation247

    Automation247 Regular Member

    Joined:
    Jan 21, 2014
    Messages:
    486
    Likes Received:
    171
    Gender:
    Male
    Occupation:
    Making some $$$
    Location:
    SPAMMING 24/7 FROM SOMEWHERE IN EUROPE
    Home Page:
    Don't worry guys, Chrome browser already patched it in his next update version.

    If you use Mozilla, you can change some advanced settings and then you're safe.
     
  17. virtualpurity

    virtualpurity Jr. VIP Jr. VIP

    Joined:
    Nov 12, 2012
    Messages:
    867
    Likes Received:
    500
    Occupation:
    SEO, Hosting
    Location:
    /root
    Home Page:
    He is right, this has been around for a long time... Almost 90% of the malware around is using this method for hijacking user sessions or credentials..

    If you think this method is the most advanced one out there than boy you got some reading to do...
     
  18. Brian Alexander

    Brian Alexander Regular Member UnGagged Attendee

    Joined:
    Aug 12, 2016
    Messages:
    205
    Likes Received:
    116
    Gender:
    Male
    "Almost 90% malware" ?!?

    What are you smoking? That is COMPLETELY untrue.

    Also, I never said anything about this being the "most advanced one out there". I simply dismiss calling it "phishing 101".
     
  19. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,511
    Likes Received:
    8,438
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Learn something new every day i guess.
    The trick can be old, and i used something similar for spoofing usernames, but i would have never thought about using it this way.

    Although if these domains arrive via email, the sender's email address would need to be spoofed too for maximum effect, otherwise it wouldn't work, at least not on me. :)
    Until there's no browser fix, it's a quite good prevention method, what's mentioned in the last few paragraphs of the article.
     
  20. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,642
    Likes Received:
    11,376
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    @Brian Alexander Read first, have an opinion later, chew a gum instead of talking during the in between period.

    The attack vector is 15 years old, it even says it so explicitly on the exploit explanation page. What is new is this specific implementation's bypass over the browsers defensive measures.
     
    • Thanks Thanks x 1