Obfuscated URLs no match for zvelo
The post goes on to speculate that URL filters would have difficulty detecting and blocking the obfuscated URLs, leaving users vulnerable to these attacks. While many web filtering vendors may be susceptible to this attack, end-users within zveloNET™ are protected from these obfuscated URLs, because zvelo provides categorization across all websites users actually visit–what we refer to as the ActiveWeb.
Using the example of playboy.com, the URL can be expressed in many different ways including the few examples below:
http://216.163.137.68
http://3634596164
http://0xd8.0xa3.0x89.0x44
http://0xd8.0xa3.0x89.68
http://0330.0243.0211.0104
http://000000330.0xa3.137.0104
http://0xD8A38944
http://033050704504
As shown on the Test a Site tool, zvelo correctly interprets these encoded addresses and detects each of these URLs as Pornography/Sex, the same as the domain playboy.com.
With the example found by Kaspersky, vendors that do not accurately filter these URLs leave users vulnerable to dangerous banking Trojans and end-user evasions. Malicious campaigns using this technique have been seen in the past and due to their effectiveness will be used in the future.
The URL categorization and malicious website detection capabilities of zvelo, backed by the Quality Assurance conducted by dozens of multi-lingual human Web Analysts, provides an ideal layer of security that can be easily implemented into most web filtering applications, to help counter these obfuscation technique.
