Security Threat From International Domain Names

WASHINGTON, DC – Website owners have a new security threat to worry about in the form of malicious websites spoofing the web addresses of other, unsuspecting, established websites, through the use of international domain names as a way to garner sales through brand confusion.

A variation of the "homograph attack" which exploits weaknesses in the methods that certain web browsers display domain names using non-English characters. This new threat is used by malicious hackers and criminals bent on identity-theft by luring unsuspecting surfers into divulging their personally identifying, and other sensitive information.

The attacks are carried out in a way that exploits character resemblance. For instance, the number "0" and the letter "O" are similar enough to fool unwary users into believing that a fraudulent site is actually the website the surfer was trying to reach.

The exploit takes advantage of new policies from the Internet Engineering Task Force and other concerned groups that support domain names registered in certain national alphabets that use non-English characters. This Internationalized Domain Name (IDN) program enables many non-English speakers to more easily use the Internet, but does so at the expense of creating such opportunities for hackers to carry out these malicious attacks.

Declaring the vulnerability "moderately critical," Copenhagen-based Secunia warned users of the affected browsers about the new threat following a demonstration of this most recent style of homograph attack at hacker convention ShmooCon, held recently in Washington.

According to the The Shmoo Group, browsers such as Firefox 1.0, Apple's Safari Version 1.2.5, and Opera's Version 7.54, are all susceptible to the IDN homograph form of attack, however, Microsoft's Internet Explorer browser isn't thought vulnerable, despite its popularity as a target for attacks.