“adoḅe.com”, “adobe.com”: notice any difference?
For a while now, attackers have been running a homograph attack, built on Punycode encoding, that uses the look-alike domain name ‘adoḅe.com’ (similar to adobe.com) to spread malware.
A homograph attack takes advantage of non-ASCII characters that look similar to one another but are different characters in different languages. In this type of attack, the attackers buy domain names that look similar to existing ones and use them for phishing and other attacks. Since the domain name looks similar, people won't be suspicious.
e.g. http://www.g00gle.co.uk and http://bl00mberg.com
For DNS to handle non-Latin addresses, they are encoded in a special format known as Punycode, and all browsers translate non-ASCII URLs into Punycode in the background before performing a DNS lookup. A domain name of this type always starts with xn-- and then contains the ASCII characters of the original address, followed by the encoded Unicode data.
Using the above-mentioned method, most browsers display xn--adoe-x34a.com as “http://adoḅe.com/”, making users think that they are visiting the legitimate website “http://adobe.com/”.
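The check below is an added example, not code from the original post or from the researcher: it decodes each xn-- label to the form a browser may display, folds accented letters back to their base letter, and reports when the result imitates a protected domain. The `PROTECTED` watchlist and all function names are assumptions made for this illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Hypothetical watchlist of domains to protect (assumption for this example).
PROTECTED = {"adobe.com"}

def to_unicode(host):
    """Decode each xn-- label to the Unicode form a browser may display."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Fold accented letters to their base letter: NFKD, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def registrable(host):
    """Naive last-two-labels cut; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return a finding for hosts with non-ASCII or xn-- labels, else None."""
    host = urlsplit(url).hostname or ""
    shown = to_unicode(host)
    if shown == host and host.isascii():
        return None
    folded = registrable(skeleton(shown))
    imitates = folded in PROTECTED and registrable(shown) != folded
    return {"dns_name": host, "displayed": shown,
            "imitates": folded if imitates else None}

if __name__ == "__main__":
    # The URL quoted in the article, used here as sample input.
    url = "http://get.xn--adoe-x34a.com/es/flashplayer/flashplayer26_pp_xa_install.exe"
    print(check_url(url))
```

NFKD folding catches accented Latin look-alikes such as ḅ; look-alikes from other scripts (for example Cyrillic letters) need the Unicode confusables data from UTS #39 instead.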
“This site was hosting malware on http://get.xn--adoe-x34a.com/es/flashplayer/flashplayer26_pp_xa_install.exe
This will be seen as http://get.adoḅe.com/es/flashplayer/flashplayer26_pp_xa_install.exe in browsers, confusing the victim.” A security researcher, Ankit Anubhav, reported this active attack on Pastebin a few hours ago.
The site resembles Adobe’s Flash Player download page and looks legitimate. Once the victim enters the site, it prompts the user to download a file named “flashplayer27_pp_xa_install.exe”, which is actually malware. Once this file is downloaded and installed, a malicious script starts to run on the victim’s machine.
The actual link to the file is “http://get.xn--adoe-x34a.com/es/flashplayer/flashplayer27_pp_xa_install.exe”, but in a browser it is seen as “http://get.adoḅe.com/es/flashplayer/flashplayer26_pp_xa_install.exe”, misleading users with a fake URL.
When this file was uploaded to VirusTotal, 51 out of 64 engines detected it as malware.
So it is always a good idea to keep good antivirus/antimalware software up to date.
Source: https://pastebin.com/52WEZADt