The Homograph Attack

This page presents an example of The Homograph Attack described by Evgeniy Gabrilovich and Alex Gontmakher. (See "The Homograph Attack", Communications of the ACM, 45(2):128, February 2002. Click here for the full-length paper in PDF, or here for the HTML archive of the CACM Inside Risks column at SRI).

To prove the feasibility of this kind of attack, we legally registered (at a homographic variant of the domain name "" which incorporates Russian language characters.

Here is the forged name http://www.miсrоsо and here is the real thing
Can you tell the difference ?

Here is another example and the accompanying IDN advisory.

Important note

Most browsers currently need a special client application iClient distributed by in order to handle multilingual domain names. Also, some browsers might display this name in a garbled way (encoded in the ASCII/English version of the international characters as Naturally, when the multilingual infrastructure implementation is finalized, the name will be displayed correctly.

We are in the news !

Here is a brief list of articles that discuss our idea:


The example domain name (miсrоsо was only registered as a feasibility proof of the described attack.
"Microsoft" is a registered trademark of Microsoft Corporation.

Evgeniy Gabrilovich

Last updated on July 28, 2006