On Thu, 29 Nov 2018, Amir Caspi wrote:
1) A new variant is showing up lately, with liberal use of zero-width
spaces/joiners. See spample:
https://pastebin.com/zBVWaiew <https://pastebin.com/zBVWaiew>
This uses the ‍ (zero-width joiner) HTML entity, interspersed within words. I
don't see any legitimate reason that these should be present for Roman charsets and
other non-complex scripts that don't require it. Later in the spample there is similar
usage of the ​ (zero-width space) entity. I've seen a few other examples
with other zero-width entities, as well.
I'll see whether those can be incorporated into the existing
UNICODE_OBFU_ZW rule (which of course will no longer actually be UNICODE :) )
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Windows Genuine Advantage (WGA) means that now you use your
computer at the sufferance of Microsoft Corporation. They can
kill it remotely without your consent at any time for any reason;
it also shuts down in sympathy when the servers at Microsoft crash.
-----------------------------------------------------------------------
609 days since the first commercial re-flight of an orbital booster (SpaceX)
