I think an issue here is Google is showing "ɢoogle" as "ɢoogle.com" and not "xn--oogle-wmc.com". The .com TLD has no support for IDNA2008 so they allow registration of these similar-looking Unicode TLDs. This is why if you paste ɢoogle.com in your browser it will show the punycode instead. Basically it looks like Google is decoding punycode for all TLDs, not just those that support IDNA2008.
This shows the problems with Unicode in domain names. Some Cyrillic characters look exactly like Latin characters but have different codepoints, e.g. a (0x61) and а (0xB0D0). This is pretty important for businesses whose domains include an a, like banks.<p>Google is now noticing that those malicious domains don't even have to be an exact visual match but a similar-looking one is sufficient to trick users.
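Added example (not part of any comment in this thread): a Python sketch of the check the two comments above point at, converting hostnames between display and `xn--` form and flagging non-ASCII labels that collapse to a protected name. The `LOOKALIKES` table, the protected names and the sample hostnames are constructed assumptions, and the script test is a heuristic based on Unicode character names.

```python
import unicodedata

# Constructed, deliberately tiny lookalike table (assumption for this example);
# a real filter would load the Unicode confusables data (UTS #39).
LOOKALIKES = {"\u0262": "g",   # LATIN LETTER SMALL CAPITAL G
              "\u0430": "a",   # CYRILLIC SMALL LETTER A
              "\u0435": "e",   # CYRILLIC SMALL LETTER IE
              "\u043e": "o"}   # CYRILLIC SMALL LETTER O

def to_ascii(host):
    """Wire form: every non-ASCII label becomes an xn-- punycode label."""
    return ".".join(
        l.lower() if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in host.split("."))

def to_unicode(host):
    """Display form: decode xn-- labels; leave undecodable labels untouched."""
    out = []
    for l in host.split("."):
        if l.lower().startswith("xn--"):
            try:
                l = l[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass
        out.append(l)
    return ".".join(out)

def scripts(label):
    """Heuristic: script = first word of each letter's Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def check(host, protected):
    """Return the reasons a hostname looks like a spoof of a protected name."""
    reasons = []
    for label in to_unicode(host).split("."):
        if label.isascii():
            continue                      # plain ASCII labels are not lookalikes
        if len(scripts(label)) > 1:
            reasons.append("mixed-script")
        skeleton = "".join(LOOKALIKES.get(c, c) for c in label).lower()
        if skeleton in protected:
            reasons.append("lookalike-of:" + skeleton)
    return reasons

if __name__ == "__main__":
    # Constructed sample hostnames, as they might appear in proxy or mail logs.
    for h in ["google.com", "xn--oogle-wmc.com", "exampleb\u0430nk.com"]:
        print(h, to_ascii(to_unicode(h)), check(h, {"google", "examplebank"}))
```

The ɢ label is not reported as mixed-script because U+0262 is itself named as a Latin letter; only the skeleton comparison flags it.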
Accessing the domain in question (ɢoogle.com) redirects to this fairly bizarre chain of subdomains<p><pre><code> http://money.get.away.get.a.good.job.with.more.pay.and.you.are.okay.money.it.is.a.gas.grab.that.cash.with.both.hands.and.make.a.stash.new.car.caviar.four.star.daydream.think.i.ll.buy.me.a.football.team.money.get.back.i.am.alright.jack.ilovevitaly.com/</code></pre>
Popov's argument seems to contradict his statement as seen in this other Motherboard article: <a href="https://motherboard.vice.com/read/this-pro-trump-russian-is-spamming-google-analytics" rel="nofollow">https://motherboard.vice.com/read/this-pro-trump-russian-is-...</a><p>Before:<p>> “I was fully prepared from April, but I wait. I could begin in a month before the elections and on a wave of the anti-Russian hysteria to receive a lot of traffic,” he said.<p>Later:<p>> “Lie! Not my domain!” Popov writes in bright red text regarding the site with dodgy pop-ups.<p>> “Lie! I'm not a spammer!” he continues.<p>Either someone is running an extensive anti-Popov campaign or Popov is realising that the campaign has been a huge mistake.
Cached version (as original URL is returning 404):<p><a href="http://webcache.googleusercontent.com/search?q=cache:KZq3KBVYLhYJ:motherboard.vice.com/read/google-is-battling-a-russian-spammer-over-the-use-of-the-letter-g+&cd=1&hl=en&ct=clnk&gl=au" rel="nofollow">http://webcache.googleusercontent.com/search?q=cache:KZq3KBV...</a>
My coworker built a little tool to identify potential domain spam problems:
<a href="http://upsidedown.domains/alternate.html?google" rel="nofollow">http://upsidedown.domains/alternate.html?google</a>
I stumbled upon this vulnerability during a white hat phishing test. The success rate was very high when I used the alternate G domains even among hard-core IT folks. People have a tendency to overlook the difference. At that point I faced an ethical dilemma: should I just forget about this or maybe publish something? Neither option seemed right. Finally decided to get all the unreserved domain names for the Fortune 500. Had to set a limit somewhere... To my surprise 102 of the vulnerable 103 Fortune 500 were still available. Now I own these domains... If these companies want them, I am happy to transfer them over. If they do not care, I just let them expire. For my company - we set the spam filters accordingly, changed our web proxies, and also own the alternate domains. I also submitted a bug report with a major software vendor, because their solution further amplified the problem. They are working on a fix...
Unicode in domains is tricky; on the one hand, it's good that we can allow people who have non-ASCII characters in their language to create domains using them, but it introduces the problems pointed out here. It would be sane to say that, when you abuse the system to trick people (as is clear with the google and lifehacker examples), that the registration is voided (and barred from future use).<p>Maybe it should be restricted to certain TLDs though; e.g. only allow the Unicode characters in TLDs that have a good reason for using them. That way, it won't be an issue for .com/.net/etc.