Spammers using new URL obfuscation technique

Spammers and scammers are always on the lookout for new tricks to use to bypass URL filters and deliver the links to unsuspecting victims, and lately they have discovered that the use of the invisible “soft hyphen” – or “SHY character”, as it is sometimes called – in such links can help them do so.

The soft hyphen is represented in HTML4 as “­”, and it is used to represent line breaks within a word. The reason why scammers can sometimes successfully use it is because some commonly used Web browsers and email clients don’t render it, making the obfuscated URL look like a regular, correctly formatted URL, and the URL filters fail to react.

According to Symantec‘s Samir Patil, there are advanced content filters and signature technologies that spot and block such URLs, but I expect issues tied to the rendering inconsistencies will pop up more rarely – hopefully never! – when HTML5 becomes the standard and HTML code will finally be interpreted by all browsers in the same way.




Share this