Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Using Soft Hyphen To Hide Malicious URLs

Posted by timothy on from the conservative-in-what-you-accept dept.

Trailrunner7 writes with this excerpt from ThreatPost illustrating the ongoing Spy-vs.-Spy battle between spammers and the rest of us: "Spammers have jumped on the little-used soft hyphen (or SHY character) to fool URL filtering devices. According to researchers, spammers are larding up URLs for sites they promote with the soft hyphen character, which many browsers ignore. Spammers aren't shy about jumping humans flexible cognitive abilities to slip past the notice of spam filters (H3rb41 V14gr4, anyone?). ... The latest trend involves the use of an obscure character called the soft hyphen or 'SHY' character to obscure malicious URLs in spam messages. Writing on the Symantec Connect blog, researcher Samir Patil said that the company has seen recent spam messages that insert the HTML symbol for the soft hyphen to obfuscate URLs for Web pages promoted by the spammers."

4 of 162 comments (clear)

  1. What is it? by iONiUM · · Score: 5, Funny

    Why didn't they just put the friggin character in the summary so I didn't have to read the article?

    Anyways, according to the article it's &shy, which looks "identical to a regular hyphen." Are you happy now slashdot? I had to read TFA to find that out.

  2. Re:Why by TopSpin · · Score: 5, Informative

    Why don't modern browsers render this character?

    The character isn't supposed to be rendered. Soft hyphen indicates where to break words if necessary. The hyphens are not rendered if the word doesn't need to be broken.

    --
    Lurking at the bottom of the gravity well, getting old
  3. The Wrongest Part by SuperKendall · · Score: 5, Funny

    The thing that really grates on the nerves, is using a soft-hypen to sell Viagra.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. Re:Why by Man+Eating+Duck · · Score: 5, Informative

    I'm a pretty IT-savvy guy, but WHAT IS that bloody character?

    Say you're laying out a book. You have the word Sauerkraut at a line wrap, but it is broken into Sauerk-raut because your layout software don't know where to break it. You then put in a soft hyphen between r and k, this indicates to your software that this word should be broken there. It turns into Sauer-kraut which is correct.

    Later you get angry with the Sauerkraut and call it "bloody Sauerkraut". Now the whole word will be at the next line, and the soft hyphen won't show because your software doesn't need to break the word. Thus you can insert these freely without fretting about words containing a hyphen later on, they'll only be rendered when used as a hint.

    HTH

    --
    Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)