New Phishing Technique.

pp4mnklinux
Posts: 1317
Joined: Wed Aug 19, 2020 5:43 pm
Has thanked: 684 times
Been thanked: 330 times

New Phishing Technique.

Post by pp4mnklinux »

It hasn't been long since Google launched .zip domains, allowing anyone to register an address on the internet with this extension.

But this short window has been enough for them to be widely used in phishing campaigns by cybercriminals, who are also getting very convincing results with little effort.

Only Firefox advises you when an @ appears in the URL.

To better understand why you are getting these results, you need to understand how a URL works. For a browser, the information between "https://" and "@" is considered user data, which may or may not be useful, depending on the context of the application. What follows "@" is taken as the name of the server. Modern browsers ignore the user data and redirect the user directly to the URL's nameserver. However, if slashes are added to the URL before the "@", the browser interprets everything after it as the path, ignoring the server part of the URL.

To get around this behaviour, it is possible to use certain Unicode characters that look like the legitimate slash (/) but that the browser treats as data sent by the user, and therefore discardable. This lets a cybercriminal craft very convincing URLs that look genuine and appear to point to a "download" of a .zip file.
In the following example, we registered the domain http://v17.zip, which points precisely to this article and can easily pass as the download of the latest public version of the well-known security tool SQLMap.

Following the instructions above, we only need to place the URL, imitating the content of the original one, after "https://", replacing the slashes with the Unicode code points U+2044 (⁄) or U+2215 (∕), and at the end add "@" before the newly purchased domain http://v17.zip. This creates a URL that redirects the victim to a server which in this case is controlled by DragonJAR, but which could just as well be a malicious URL. This approach has a high success rate because the URL looks almost identical to the legitimate URL, even to technically minded people.

You must always verify the URLs.... but Firefox advises you... Another reason to go for it.

What do you think about this problem?

----------------edited-----------

@ vs .zip / 2 ways to make u crazy => 😉

Last edited by pp4mnklinux on Sat May 20, 2023 9:10 pm, edited 1 time in total.
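A defender-side check for the two tricks described in this post (userinfo before the "@", and U+2044/U+2215 standing in for "/"), written here as an added Python example; it is not code from the original post or from DragonJAR. The spoofed sample URL is constructed to mirror the description, using the v17.zip domain the post mentions, and the look-alike list is limited to the two characters the post names.

```python
import unicodedata

# The two slash look-alikes the post names (U+2044, U+2215). Assumption: the
# check is limited to these two; real confusable tables list many more.
SLASH_LOOKALIKES = {"\u2044", "\u2215"}
AUTHORITY_END = "/?#"  # RFC 3986: the authority ends at the first of these


def split_authority(url: str) -> str:
    """Return the authority (userinfo@host:port) of an absolute URL."""
    _, sep, rest = url.partition("://")
    if not sep:
        raise ValueError(f"not an absolute URL: {url!r}")
    cut = min((rest.index(c) for c in AUTHORITY_END if c in rest), default=len(rest))
    return rest[:cut]


def analyse_url(url: str) -> dict:
    """Compare the host a reader perceives with the host a browser connects to."""
    authority = split_authority(url)
    # A browser treats everything before the last '@' as userinfo and connects
    # to what follows it (IPv6 literals in brackets are not handled here).
    userinfo, at, hostport = authority.rpartition("@")
    real_host = hostport.split(":", 1)[0].lower()
    lookalikes = sorted({unicodedata.name(c) for c in userinfo if c in SLASH_LOOKALIKES})
    if at:
        # What the eye reads: the look-alikes taken as real slashes, so the
        # "host" is the text before the first of them.
        perceived = "".join("/" if c in SLASH_LOOKALIKES else c for c in userinfo)
        apparent_host = perceived.split("/", 1)[0].split(":", 1)[0].lower()
    else:
        apparent_host = real_host
    risk = "high" if lookalikes else "medium" if at else "low"
    return {
        "real_host": real_host,
        "apparent_host": apparent_host,
        "has_userinfo": bool(at),
        "lookalikes": lookalikes,
        "risk": risk,
    }


# Constructed sample URLs: a genuine-looking GitHub release path and a spoof built
# as the post describes, with U+2215 standing in for '/' and v17.zip as the real host.
BENIGN = "https://github.com/sqlmapproject/sqlmap/releases/download/1.7/sqlmap-1.7.zip"
SPOOFED = "https://github.com\u2215sqlmapproject\u2215sqlmap\u2215releases\u2215download\u2215v1.7@v17.zip"
```

Running `analyse_url(SPOOFED)` reports `real_host` "v17.zip" against `apparent_host` "github.com" with risk "high", while the benign URL reports both as "github.com" and risk "low".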
Flash
Moderator
Posts: 1023
Joined: Tue Dec 03, 2019 3:13 pm
Location: Arizona, U.S.
Has thanked: 58 times
Been thanked: 138 times

Re: New Phishing Technique.

Post by Flash »

What do .zip domains have to do with @ in a URL?

Chaos coordinator :?
Keef
Posts: 291
Joined: Tue Dec 03, 2019 8:05 pm
Has thanked: 3 times
Been thanked: 80 times

Re: New Phishing Technique.

Post by Keef »

It seems to be explained here:
https://www.theregister.com/2023/05/17/ ... v_domains/
..but concludes that it may not be that big a deal.

Flash
Moderator
Posts: 1023
Joined: Tue Dec 03, 2019 3:13 pm
Location: Arizona, U.S.
Has thanked: 58 times
Been thanked: 138 times

Re: New Phishing Technique.

Post by Flash »

That's a really well written article. :thumbup2:

Chaos coordinator :?