Spammers Using Soft Hyphen To Hide Malicious URLs

← Back to Stories (view on slashdot.org)

Spammers Using Soft Hyphen To Hide Malicious URLs

Posted by timothy on Thursday October 7, 2010 @09:32AM from the conservative-in-what-you-accept dept.

Trailrunner7 writes with this excerpt from ThreatPost illustrating the ongoing Spy-vs.-Spy battle between spammers and the rest of us: "Spammers have jumped on the little-used soft hyphen (or SHY character) to fool URL filtering devices. According to researchers, spammers are larding up URLs for sites they promote with the soft hyphen character, which many browsers ignore. Spammers aren't shy about jumping humans flexible cognitive abilities to slip past the notice of spam filters (H3rb41 V14gr4, anyone?). ... The latest trend involves the use of an obscure character called the soft hyphen or 'SHY' character to obscure malicious URLs in spam messages. Writing on the Symantec Connect blog, researcher Samir Patil said that the company has seen recent spam messages that insert the HTML symbol for the soft hyphen to obfuscate URLs for Web pages promoted by the spammers."

6 of 162 comments (clear)

Min score:

Reason:

Sort:

H3rb41 V14gr4? by MrEricSir · 2010-10-07 09:33 · Score: 4, Insightful

I never got the leet speak in spam thing. Sure, it might get past the filter, but who can read it? Are they trying to sell drugs to script kiddies?

--
There's no -1 for "I don't get it."
1. Re:H3rb41 V14gr4? by caffeinemessiah · 2010-10-07 09:43 · Score: 3, Insightful
  
  I never got the leet speak in spam thing. Sure, it might get past the filter, but who can read it? Are they trying to sell drugs to script kiddies?
  I don't know about you, but I can't stop trying to figure out what word they're trying to represent with the symbols. For example, I know the second word in your subject means viagra, but what is "H3rb41"? Oh..."herbal". It's naturally (perhaps unknowingly) targeted towards geeks and puzzle-solvers, which perhaps isn't the worst market to target available-without-human-contact penis drugs towards.
  
  --
  An old-timer with old-timey ideas.
2. Re:H3rb41 V14gr4? by maxwell+demon · 2010-10-07 10:02 · Score: 3, Insightful
  
  I thought the only situation where you need Viagra is exactly human contact (in the most literal meaning of the word).
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
Re:Why by KillaGouge · 2010-10-07 09:55 · Score: 4, Insightful

please ignore my parent post. It seems that GP is correct

--
GENERATION 25: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
Re:What is it? by maxwell+demon · 2010-10-07 10:25 · Score: 3, Insightful

Are registrars accepting domain names with soft hyphens? And if so, why? It's rather obvious that such domain names would only be used for fraud.
IMHO registrars should not accept any non-printable character in domain names.

--
The Tao of math: The numbers you can count are not the real numbers.
Re:What is it? by sexconker · 2010-10-07 11:55 · Score: 3, Insightful

Yes, they are. Otherwise this story wouldn't exist.
Why? Because they like money, and don't give a fuck.
Of course they should not accept any non-printable characters.
Registrars are pretty much only half a step above the spammers in terms of ethics / shittiness.