Such attacks, of course, only work if Unicode domain names are allowed. This is one of the few times that Internet Explorer users are safer than Mozilla/Firefox users, as IE doesn't support international domain names out of the box. If you're using Firefox, you may be able to fix it by following the following procedure (via bOING bOING):
1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.
2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.
3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.
4) Go check out the shmoo demo again and notice it no longer works.
Of course, if you practice safe web access, you won't be entering your bank details or whatever after following a link (however kosher-looking) from an untrusted source in the first place, but only after having typed it in with your own hands or selected it from your local bookmarks.
Please keep comments on topic and to the point. Inappropriate comments may be deleted.
Note that markup is stripped from comments; URLs will be automatically converted into links.