[Esd-l] Re: Phish sanitizing...

Jonathan Hutchins hutchins at tarcanfel.org
Fri Feb 18 12:22:32 PST 2005

On Friday 18 February 2005 02:15 pm, Sanitizer List wrote:

> Agreed (FWIW).  All the phishing I've seen here have been modified domain
> names <in the source>.

> And resolvable to `behind-the-iron-curtain`. (while not wanting to reopen
> old wounds...)

The trick is that the new spoofing trick using Internationalized Domain Names 
- names that are allowed to contain non-ASCII characters - mostly uses 
Cyrillic characters that don't show up in the address bar, so you don't see 
the extra characters in the domain and it looks like a valid address.  There 
are also Cryillic characters that show up as ASCII characters in western 

I'm sure there are some other regions that use similar characters for IDN's, 
but these are the ones that are being implemented now, that's why they appear 
to resolve as Estern Bloc locations.

More information about the esd-l mailing list