Why Do Folders Start With Dots?

Many phishing sites include a period (.) at the start of a folder name. Here’s a sanitized example:

http://example.com/.bank/update.html

Why is there a period (.) at the start of the .bank folder? In Unix and Unix-like environments, a period at the start of a folder or file name makes that object hidden. When phishers take over machines to host their sites, they'll often put the site in a hidden directory to minimize the chance that the owner of the box will find it. Apache won't show the folder in its directory listings, and neither will the ls program (like dir in DOS) unless you use a special command-line parameter (-a).
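A box owner can check for this directly rather than relying on ls or Apache's listings. The function below is an added example, not part of the original post: it walks a web root and reports dot-prefixed directories that contain servable pages. The allowlist and the file extensions it looks for are assumptions to adjust per site.

```shell
#!/bin/sh
# Audit a web document root for hidden (dot-prefixed) directories that
# contain web-servable files, e.g. <webroot>/.bank/update.html.

# Dot-directories expected in a web root (assumed allowlist, space-separated).
ALLOWLIST=".well-known"

# Usage: find_hidden_web_dirs WEBROOT
# Prints "<file count><TAB><directory>" for each hidden directory that holds
# at least one .html/.htm/.php/.js file. Paths containing newlines are not
# handled. The body runs in a subshell so no variables leak to the caller.
find_hidden_web_dirs() (
    root=$1
    find "$root" -type d -name '.*' ! -path "$root" |
    while IFS= read -r dir; do
        name=${dir##*/}
        # Skip dot-directories that are on the allowlist.
        case " $ALLOWLIST " in
            *" $name "*) continue ;;
        esac
        # Count servable files anywhere below this hidden directory.
        count=$(( $(find "$dir" -type f \( -iname '*.html' -o -iname '*.htm' \
                        -o -iname '*.php' -o -iname '*.js' \) | wc -l) ))
        if [ "$count" -gt 0 ]; then
            printf '%s\t%s\n' "$count" "$dir"
        fi
    done
)

# Run against a web root when one is given as the first argument.
if [ -n "${1:-}" ]; then
    find_hidden_web_dirs "$1"
fi
```

Any directory it reports that the owner did not create deserves a look at its contents and timestamps.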
