Wednesday, November 26, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Europe Wants Right-to-be Forgotten to Go Globally
Far Cry 4 Game Available For Free With Purchase of 840 EVO SSD
UK Music Industry Seeks For New Tax on CD Copying
Samsung's DeepSort Sorting Engine Prevails In Benchmarks
Sony Plans E-Paper Watch: report
HP Reports Fiscal 2014 Full-Year and Fourth Quarter Results
Hitachi Wearable Device Monitors Brain Functions
Hitachi Technology Stores Digital Data In 100 Recording Layers, Data Can be Stored For 300 million Years
Active Discussions
Hi All!
cdrw trouble
CDR for car Sat Nav
DVD/DL for Optiarc 7191S at 8X
Copied dvd's say blank in computer only
Made video, won't play back easily
New Features In Firefox 33
updated tests for dvd and cd burners
 Home > News > General Computing > Sophos ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, December 15, 2011
Sophos Underlines Risks Of Mistyping Websites' URLs


Your fingers fumble over each other, and before you know it you're not on google.com but goole.com instead. However, there are people waiting to take advantage of it.

Security expert Paul Ducklin has taken an indepth look at the scale and the risk of the typosquatting industry: registering misspellings of popular website domain names in an attempt to profit from typing mistakes.

Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos, Ducklin collected data from 1502 websites and 14,495 URLs.

According to the report, 384 of the URLs (2.7%) downloaded when visiting a typosquat site fell into the loose category of cybercrime. That means they are, or have been, associated with hacking, phishing, online fraud or spamming. And 354 of the URLs (2.4%) were adult or dating sites.

The other categories highlighted in the breakdown give a high-level insight into the typosquatting ecosystem. Unsurprisingly, 15% of the URLs were tagged as advertising sites and popups; 12% related to IT and hosting, representing the large number of typosquats which offer to sell on a possibly-interesting domain name (domain parking, as it is often called) whilst mopping up undeserved click revenue; and 6% were classified as search sites.

Paul Ducklin also examined was the location of the servers hosting the typosquatting URLs.

The USA topped the list, hosting nearly two-thirds of the servers; Germany, China and the UK came in the next three spots. The British Virgin Islands (population approximately 30,000) and the Cayman Islands (about 60,000), which are offshore financial centres, made it into the top dozen.

The most overt bait-and-switch operation in the study abused the Apple and iTunes brands, squatting on 52 of the 241 Apple-related domains (22%) in the list, from www.abpple.com to www.applze.com.

The trick is simple. If you fat-finger www.apple.com and end up at the live-online-istore site, you see an Apple-like page.

This page appears to offer you iTunes software downloads for Windows and Mac. The "Download iTunes" button is the bait.

There is no iTunes download. If you click the button, you are whisked off to the mp3helpdesk site, which now claims to be offering you "unlimited downloads for just 0.99 a month".

Other brand misuse amongst our samples involved directly passing off the typosquat domain as the real thing. Google was the most commonly-abused brand, since it is trivial for a third-party site to present a Google-like search page and to use Google's search engine behind the scenes.

"Mistyping popular domain names wasn't as immediately dangerous as we had feared, with only one web page containing directly-malicious JavaScript," Ducklin said.

"But there were still plenty of risky URLs to which our browser was exposed simply by starting with a typosquat domain," he added.

Of the 14,495 URLs in the downloaded collection, 738 (5.1%) were categorised by SophosLabs as cybercrime or adult.


Previous
Next
Tablet Shipments Miss Third Quarter Targets, But Holiday Demand Will Spark Growth        All News        IE to Start Automatic Upgrades Across Windows XP, Windows Vista, and Windows 7
Microsoft So.cl Gives Students a New Way to Learn     General Computing News      IE to Start Automatic Upgrades Across Windows XP, Windows Vista, and Windows 7

Get RSS feed Easy Print E-Mail this Message

Related News
Social Networks Pose Security Risks
Top Ten Malware Threats Run on Microsoft Vista
Sophos Offers Free Rootkit Detection Tool

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .