[Esd-l] Re: Phish sanitizing...
hutchins at tarcanfel.org
Fri Feb 18 12:22:32 PST 2005
On Friday 18 February 2005 02:15 pm, Sanitizer List wrote:
> Agreed (FWIW). All the phishing I've seen here have been modified domain
> names <in the source>.
> And resolvable to `behind-the-iron-curtain`. (while not wanting to reopen
> old wounds...)
The trick is that the new spoofing trick using Internationalized Domain Names
- names that are allowed to contain non-ASCII characters - mostly uses
Cyrillic characters that don't show up in the address bar, so you don't see
the extra characters in the domain and it looks like a valid address. There
are also Cryillic characters that show up as ASCII characters in western
I'm sure there are some other regions that use similar characters for IDN's,
but these are the ones that are being implemented now, that's why they appear
to resolve as Estern Bloc locations.
More information about the esd-l