Phishing without a webpage – researcher reveals how a link *itself* can be malicious
The need for a reliable place to host your malicious website has been the bane of phishers for much of the last decade.
But, no longer.
A researcher at the University of Oslo in Norway says that page-less phishing and other untraceable attacks may be possible, using a tried and true internet communications standard: the uniform resource identifier, or URI.
Henning Klevjer, an information security student at the University of Oslo in Norway, suggests in a just-released research paper that it may be possible for attackers to dispense with phishing sites altogether, embedding their entire scam webpage in an encoded data URI that can be passed around from victim to victim.
URIs are strings of characters that identify a resource. The term encompasses the better-known Uniform Resource Locator (URL) and Uniform Resource Name (URN). However, whereas URLs specify the location of a specific network resource and how it should be accessed (e.g. with HTTP, the HyperText Transfer Protocol), URIs are more flexible and can even be used to host the data they “link” to.
Klevjer’s paper, “Phishing by data URI” [PDF], suggests ways that the malleability of the URI could be used to mask malicious content.
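From the defender's side, a link that carries its own page can be recognised and inspected without fetching anything. The following is an added example, not code from Klevjer's paper or from this article: it parses a data URI per RFC 2397 and reports whether the embedded payload would render as a page and contains form-like markup. The function names, the indicator list and the sample URI are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# RFC 2397 syntax: data:[<mediatype>][;base64],<data>
DATA_URI = re.compile(r"^data:(?P<meta>[^,]*),(?P<data>.*)$", re.I | re.S)
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
INDICATORS = {  # illustrative markers of a page that collects input
    "form": re.compile(rb"<form\b", re.I),
    "password-field": re.compile(rb"type\s*=\s*[\"']?password", re.I),
    "script": re.compile(rb"<script\b", re.I),
}
# Constructed sample: a harmless fragment carried entirely inside the link.
SAMPLE_URI = "data:text/html;base64," + base64.b64encode(
    b"<form><input type='password' name='p'></form>").decode()

def parse_data_uri(uri):
    """Return (media_type, payload_bytes), or None if uri is not a data: URI."""
    m = DATA_URI.match(uri.strip())
    if not m:
        return None
    params = [p.strip().lower() for p in m.group("meta").split(";")]
    media_type = params[0] or "text/plain"  # RFC 2397 default type
    data = unquote_to_bytes(m.group("data"))  # payload may be percent-encoded
    if "base64" in params[1:]:
        data = re.sub(rb"\s+", b"", data)
        data += b"=" * (-len(data) % 4)  # tolerate stripped padding
        try:
            data = base64.b64decode(data)
        except ValueError:
            data = b""  # undecodable payload: nothing to inspect
    return media_type, data

def assess_link(uri):
    """Report whether a link is a data: URI and which indicators it carries."""
    parsed = parse_data_uri(uri)
    if parsed is None:
        return {"data_uri": False, "renders_as_page": False, "indicators": []}
    media_type, payload = parsed
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(payload))
    return {"data_uri": True, "media_type": media_type,
            "renders_as_page": media_type in ACTIVE_TYPES, "indicators": hits}

if __name__ == "__main__":
    for link in (SAMPLE_URI, "https://example.com/login", "data:,hello"):
        print(assess_link(link))
```

A mail or proxy filter could call `assess_link` on every extracted link and treat a data URI that renders as a page and carries a form or password field as high risk.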