Spammers Using Soft Hyphen (SHY Character) As URL Obfuscation Technique

Spammers jumped on the little-used soft hyphen (SHY character) to fool URL filtering devices. According to researchers at Symantec, "Using the little-used and relatively unknown soft hyphen, spammers are pumping out malicious sites with domain names that bypass normal URL filtering methods.""The soft hyphen is a graphic character that's imaged by a graphic symbol identical […]

Spammers jumped on the little-used soft hyphen (SHY character) to fool URL filtering devices. According to researchers at Symantec, "Using the little-used and relatively unknown soft hyphen, spammers are pumping out malicious sites with domain names that bypass normal URL filtering methods."

"The soft hyphen is a graphic character that's imaged by a graphic symbol identical with, or similar to, representing hyphen (-). It's used when a line break has been established within a word. In HTML4 standards, soft hyphen is represented as "­". Since the shy character is ignored by many Web browsers and email clients, to users the obfuscated URL is seen as a normal clickable URL and clicking on this link will direct the user to a spam Web page."

One other problem, as pointed out by Symantec, is that this hack could be used to bypass virus and malware scanners that filter sites by their URL, rather than their content -- but if that's the case, you should just get a proper virus scanner.

[Source]