
The ultimate phishing tactic?

Discussion in 'BlackHat Lounge' started by Ste Fishkin, Apr 18, 2017.

  1. Ste Fishkin

    Ste Fishkin Jr. VIP Jr. VIP Premium Member

    • Thanks Thanks x 17
  2. Society Girl

    Society Girl Moderator Staff Member Moderator Jr. VIP

    Very good. Very good indeed. Strange that Safari is just like "Nah".
     
  3. flippera

    flippera Registered Member

    Damn, that's some next level
     
  4. elavmunretea

    elavmunretea BANNED BANNED

    Very similar to this then:

    https://www.blackhatworld.com/seo/you-can-now-register-emoji-domains.930518/
    https://www.dnacademy.com/emoji-domains
     
  5. archixet

    archixet Jr. VIP Jr. VIP

    That's some serious shit!
     
    • Thanks Thanks x 1
  6. FreshStart1Goal

    FreshStart1Goal Junior Member

    I read this shit today and thought of posting it here but refrained thinking that people would really exploit this. Well.. :p btw fix is on the way
     
  7. Neon

    Neon Jr. VIP Jr. VIP

    Good job Ste Phishkin !
     
    • Thanks Thanks x 8
  8. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    This is big.

    I've been noticing more and more spam from these xx--encoded domains. This is probably part of the reason. If I decoded the domains they'd probably read like some famous western brand....

    Thanks for the share.
     
    • Thanks Thanks x 1
  9. Brian Alexander

    Brian Alexander Junior Member UnGagged Attendee

    Damn, that's insane.
    Hell, I'd fall for that!
     
  10. Ste Fishkin

    Ste Fishkin Jr. VIP Jr. VIP Premium Member

     
    • Thanks Thanks x 3
  11. Nut-Nights

    Nut-Nights Jr. VIP Jr. VIP

    So basically we are fucked.
     
    • Thanks Thanks x 1
  12. littlewebdragon

    littlewebdragon Jr. VIP Jr. VIP

    Sweet stuff. Kinda cute. :D It's good that BHW members are not that type of black hatters... Or are we? :rolleyes:
     
    • Thanks Thanks x 1
  13. christianbed

    christianbed Jr. VIP Jr. VIP

    insane...good post
     
  14. RightFootFanatic

    RightFootFanatic Regular Member

    This exists since ages. I really thought it's pretty common for attacks, the phishing 101.

    Nothing prevents you if you're opening unsolicited emails with brain.exe shut down.
     
  15. Brian Alexander

    Brian Alexander Junior Member UnGagged Attendee

    So you knew "since ages" that if only foreign characters are used in a domain, major browsers would bypass converting them to punychars?

    Sure you did Einstein.

    If this is "Phishing 101" - then what do you teach in "Phishing 201"?
     
  16. Automation247

    Automation247 Regular Member

    Don't worry guys, Chrome browser already patched it in its next update version.

    If you use Mozilla, you can change some advanced settings and then you're safe.
     
  17. virtualpurity

    virtualpurity Jr. VIP Jr. VIP

    He is right, this has been around for a long time... Almost 90% of the malware around is using this method for hijacking user sessions or credentials..

    If you think this method is the most advanced one out there then boy you got some reading to do...
     
  18. Brian Alexander

    Brian Alexander Junior Member UnGagged Attendee

    "Almost 90% malware" ?!?

    What are you smoking? That is COMPLETELY untrue.

    Also, I never said anything about this being the "most advanced one out there". I simply dismiss calling it "phishing 101".
     
  19. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Learn something new every day, I guess.
    The trick can be old, and I used something similar for spoofing usernames, but I would have never thought about using it this way.

    Although if these domains arrive via email, the sender's email address would need to be spoofed too for maximum effect, otherwise it wouldn't work, at least not on me. :)
    Until there's no browser fix, it's a quite good prevention method, what's mentioned in the last few paragraphs of the article.
     
  20. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    @Brian Alexander Read first, have an opinion later, chew a gum instead of talking during the in between period.

    The attack vector is 15 years old, it even says so explicitly on the exploit explanation page. What is new is this specific implementation's bypass over the browsers' defensive measures.
     
    • Thanks Thanks x 1
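
For readers triaging the punycode-encoded domains discussed in this thread, the following is an added example (not posted by any participant) of a defensive check: it decodes `xn--` labels and flags the single-script case that browsers displayed in Unicode. The watchlist name `payco`, the lookalike subset, and the sample domains are constructed assumptions, and the script test is a heuristic based on Unicode character names.

```python
import unicodedata

# Constructed subset of Cyrillic-to-Latin lookalikes (assumption: a real
# deployment would use the full Unicode confusables data instead).
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i"}
WATCHLIST = {"payco"}  # hypothetical brand label to protect

# Constructed samples: an all-Cyrillic label and a Latin label with one
# Cyrillic letter, both encoded the way they would appear in DNS or mail logs.
SPOOF = "xn--" + "\u0440\u0430\u0443\u0441\u043e".encode("punycode").decode("ascii") + ".com"
MIXED = "xn--" + "p\u0430yco".encode("punycode").decode("ascii") + ".com"


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are punycode)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label


def scripts(text):
    """Approximate each letter's script from its Unicode character name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def assess(domain):
    """Classify the first label of a domain (assumption: it is the one shown to users)."""
    label = decode_label(domain.split(".")[0]).lower()
    found = scripts(label)
    skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in label)
    if found <= {"LATIN"}:
        verdict = "ascii-or-latin"
    elif len(found) > 1:
        verdict = "mixed-script"             # browsers already showed punycode here
    else:
        verdict = "single-script-non-latin"  # the case the thread is about
    imitates = skeleton if skeleton in WATCHLIST and skeleton != label else None
    return {"unicode": label, "scripts": sorted(found),
            "verdict": verdict, "imitates": imitates}


if __name__ == "__main__":
    for d in (SPOOF, MIXED, "payco.com"):
        print(d, assess(d))
```
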