Homograph Attack

What are Homographs..?

ASCII have several characters or pairs of characters that look alike are known as Homographs.

Eg: For example, 0 (the number) and O (the letter), “l” lowercase L, and “I” uppercase “i”.

In Cyrillic, Greek, Armenian and Hebrew alphabets we have very similar characters. Cyrillic З, Ч and б resemble the numerals 3, 4 and 6 and Symbols like ա can resemble Cyrillic ш.

How Hackers Get Benefit from IDN HomoGraphs..?

An attacker can do Advanced Phishing/Scamming Attacks with help of Internationalized Domain Name(IDN) Homograph Attacks. It was not an uneasy task to register a domain same as http://google.com with http://gססgle.com (in order to see the difference just copy paste the both links in your browser).

Here i’ve a demo page to show you how dangerous it is.

From the above two links you can see they looks very normal and identical. But after clicking the link only we can see the difference.

If we take a look in chrome we can’t even get the idea of which one is real link by doing simple mouse hovering and there’s no chance that we can check each and every link with html source.

Thanks to firefox, which will show you the original link when you hover your mouse on it.

We know how bad just clicking a link which looks like very genuine. The attacks may possible with a single click are

  • Dropping a Ransomware into victim machine.
  • Full compromise of victim machine.
  • Browser hooks or keylogging.
  • Phishing/Social Engineering.
  • Etc etc…

How to get rid of it..?

  • As all time best suggestion – “Trust No One”. Check url with firefox/sandboxing before clicking it.
  • Avoid processing Puny Code as ASCII in web applications.

References:

Leave A Comment

Your email address will not be published. Required fields are marked *