Critical Exploit Alert! New exploit discovered regarding [IDNs] and phishing that looks 100% legit! This is a must read!
Exploit alert level SEVERE! Phishing technique made to look 100% legit!
What is all of this about?
Today I received an alert from US-CERT Security Tips via email. This is a mailing list that I'm subscribed too that alerts me of any new security exploits, or vulnerabilities that System Administrator should be aware of. This is a free service provided by the US Government and I would like to welcome any to subscribe to their mailing list. You may click the link below for more information on how you can subscribe to their mailing list to receive similar alerts if this type of thing catches your interest.
You may have been exposed to internationalized domain names (IDNs) without realizing it. While they typically do not affect your browsing activity, IDNs may give attackers an opportunity to redirect you to a malicious web page.
To decrease the amount of confusion surrounding different languages, there is a standard for domain names within web browsers. Domain names are included in the URL (or web address) of web site. This standard is based on the Roman alphabet (which is used by the English language), and computers convert the various letters into numerical equivalents. This code is known as ASCII (American Standard Code for Information Interchange). However, other languages include characters that do not translate into this code, which is why internationalized domain names were introduced.
To compensate for languages that incorporate special characters (such as Spanish, French or German) or rely completely on character representation (such as Asian or Arabic languages), a new system had to be developed. In this new system, the base URL (which is usually the address for the home page) is dissected and converted into a format that is compatible with ASCII. The resulting URL (which contains the string "xn--" as well as a combination of letters and numbers) will appear in your browser's status bar. In newer versions of many browsers, it will also appear in the address bar.
Attackers may be able to take advantage of internationalized domain names to initiate phishing attacks (see Avoiding Social Engineering and Phishing Attacks for more information). Because there are certain characters that may appear to be the same but have different ASCII codes (for example, the Cyrillic "a" and the Latin "a"), an attacker may be able to "spoof" a web page URL. Instead of going to a legitimate site, you may be directed to a malicious site, which could look identical to the real one. If you submit personal or financial information while on the malicious site, the attacker could collect that information and then use and/or sell it.
* Type a URL instead of following a link - Typing a URL into a browser rather than clicking a link within a web page or email message will minimize your risk. By doing this, you are more likely to visit the legitimate site rather than a malicious site that substitutes similar-looking characters.
* Keep your browser up to date - Older versions of browsers made it easier for attackers to spoof URLs, but most newer browsers incorporate certain protections. Instead of displaying the URL that you "think" you are visiting, most browsers now display the converted URL with the "xn--" string.