Slashdot Mirror


Spammers Using Soft Hyphen To Hide Malicious URLs

Trailrunner7 writes with this excerpt from ThreatPost illustrating the ongoing Spy-vs.-Spy battle between spammers and the rest of us: "Spammers have jumped on the little-used soft hyphen (or SHY character) to fool URL filtering devices. According to researchers, spammers are larding up URLs for sites they promote with the soft hyphen character, which many browsers ignore. Spammers aren't shy about jumping humans' flexible cognitive abilities to slip past the notice of spam filters (H3rb41 V14gr4, anyone?). ... The latest trend involves the use of an obscure character called the soft hyphen or 'SHY' character to obscure malicious URLs in spam messages. Writing on the Symantec Connect blog, researcher Samir Patil said that the company has seen recent spam messages that insert the HTML symbol for the soft hyphen to obfuscate URLs for Web pages promoted by the spammers."
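
As an added example (not part of the original story or of any filter product named in it), here is one way a mail filter could handle the trick described above: decode the HTML entities in each href, strip U+00AD before matching the host, and record the soft hyphen's presence as a signal in its own right. The blocklist, the sample message and the example.test hostnames are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit

SOFT_HYPHEN = "\u00ad"  # what &shy;, &#173; and &#xAD; all decode to

# Constructed blocklist; the hostname is a placeholder, not a real indicator.
BLOCKLIST = {"pills.example.test"}

# Constructed message body: one obfuscated link, one ordinary link.
SAMPLE = (
    '<a href="http://pi&shy;lls.exa&#173;mple.te&#xAD;st/buy">deal</a> '
    '<a href="http://news.example.org/story">news</a>'
)

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def normalize_url(raw):
    """Decode HTML entities, then drop soft hyphens.

    Returns (clean_url, had_soft_hyphen) so the caller can both match on
    the cleaned URL and score the obfuscation itself.
    """
    decoded = html.unescape(raw)
    had_shy = SOFT_HYPHEN in decoded
    return decoded.replace(SOFT_HYPHEN, ""), had_shy


def scan_message(body):
    """Return one finding per href in an HTML message body."""
    findings = []
    for raw in HREF_RE.findall(body):
        clean, had_shy = normalize_url(raw)
        host = (urlsplit(clean).hostname or "").lower()
        findings.append({
            "raw": raw,
            "host": host,
            "soft_hyphen": had_shy,  # suspicious on its own inside a URL
            "blocked": host in BLOCKLIST,  # match after normalization
            # What a character-for-character filter sees on the raw text:
            "naive_blocked": any(b in raw for b in BLOCKLIST),
        })
    return findings


if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```
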


  1. So how often is it used legitimately? by JesseL · · Score: 4, Interesting

    Is there any good reason not to just call the presence of soft hyphens as a reliable indicator of spam and use it as the basis of a spam filter?

    --
    "Prefiero morir de pie que vivir siempre arrodillado!"
    1. Re:So how often is it used legitimately? by ceoyoyo · · Score: 2, Interesting

      I would think most spam filters would do that automatically as they learn.

      Symantec seems to think people still use character-for-character text matching spam filters that don't learn. Maybe Symantec products do.

    2. Re:So how often is it used legitimately? by TheRaven64 · · Score: 1, Interesting

      Hyphenating long words in German is pretty easy. Long words are usually compound words and they are correctly broken at the word boundaries. Hyphenating English automatically is actually a harder problem than hyphenating German, and is made harder by the fact that English and American have different rules for when you are supposed to hyphenate.

      --
      I am TheRaven on Soylent News
    3. Re:So how often is it used legitimately? by jthill · · Score: 2, Interesting
      DNS permits everything in domain names. You can implement any restrictions you want on names you issue on your own authority, but

      Implementations of the DNS protocols must not place any restrictions on the labels that can be used. In particular, DNS servers must not refuse to serve a zone because it contains labels that might not be acceptable to some DNS client programs.

      --
      As always, all IMO. Insert "I think" everywhere grammatically possible.
  2. Obligatory Kajagoogoo by Anonymous Coward · · Score: 0, Interesting

    Tongue-tied, (I'm) short of breath, don't even try
    Try a little harder
    Something's wrong, you're not naive, you must be strong
    Ooh, baby, try
    Hey girl, move a little closer.
    You're

    CHORUS:
    Too shy shy
    Hush hush, eye to eye
    Too shy shy
    Hush hush, eye to eye
    Too shy shy
    Hush hush, eye to eye
    Too shy shy

  3. Good News! by hardburn · · Score: 2, Interesting

    So now spam filters will pick up on soft hyphens used in URIs inside emails (when was the last time you saw one used legitimately?), making the spam easier to spot.

    --
    Not a typewriter
  4. Re:H3rb41 V14gr4? by MysteriousPreacher · · Score: 2, Interesting

    I never understood how it actually worked, except as you suggested, the script kiddy crowd are heavily into giving money to strangers in exchange for uber zomg epic sexual prowess.

    Maybe I'm old-fashioned, but I'm kind of reluctant to whip out my credit card to buy something from a company that employs mittens-wearing illiterates to write their adverts. Sure I'll eat at a Chinese restaurant with an amusingly translated menu, but that's a little different.

    --
    -- Using the preview button since 2005