Spammers fool filters with soft hyphen

Spammers are using a little-used soft hyphen to fool URL filtering devices on browsers.

Insecurity experts Symantec claim that spammers are using the soft hyphen character which many browsers ignore to force people to their sites.

Browsers have defences which enable them to recognise unwanted solicitations, phishing attempts and popups.

Symantec researcher Samir Patil wrote in his bog that the company has seen recent spam messages that insert the HTML symbol for the soft hyphen to obfuscate URLs for Web pages promoted by the spammers.

Using the soft hyphen means that users will see a properly formatted URL, while URL filters that rely on text matching will be fooled, Patil said.

Content analysis technologies that don’t rely on URL matching can spot the obfuscation and block the messages anyway. However e-mail users still need to be on guard and have anti malware and anti spam products running on their system, he wrote.

One of the big problems for Insecurity experts has been the inconsistent rendering of standard HTML elements. These are proving to be a loophole for spammers and phishers.

HTML 5 and browsers that support it should solve many of these problems. HTML 5 standardises how HTML code should be parsed by Web browsers and takes this control out of the hands of platform vendors, whatever they are when you’re at home.