Wednesday, April 16, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Google Reports Lower Than Expected First Quarter revenue
AMD Demonstrates Next-Gen x86 APU Running Fedora Linux
Lenovo Introduces A to Z and FLEX 2 series Of Laptops and Desktops
Japanese Court Rejects Mt Gox Bankruptcy Protection Application
LaCie Warns Of Security Breech
Smartphone Makers, Carriers To Support Anti-theft Initiative
Samsung Galaxy S5 Carries A Very High Bill of Materials
Intel's Quarterly Net Better Than Expected
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Sophos ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, December 15, 2011
Sophos Underlines Risks Of Mistyping Websites' URLs


Your fingers fumble over each other, and before you know it you're not on google.com but goole.com instead. However, there are people waiting to take advantage of it.

Security expert Paul Ducklin has taken an indepth look at the scale and the risk of the typosquatting industry: registering misspellings of popular website domain names in an attempt to profit from typing mistakes.

Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos, Ducklin collected data from 1502 websites and 14,495 URLs.

According to the report, 384 of the URLs (2.7%) downloaded when visiting a typosquat site fell into the loose category of cybercrime. That means they are, or have been, associated with hacking, phishing, online fraud or spamming. And 354 of the URLs (2.4%) were adult or dating sites.

The other categories highlighted in the breakdown give a high-level insight into the typosquatting ecosystem. Unsurprisingly, 15% of the URLs were tagged as advertising sites and popups; 12% related to IT and hosting, representing the large number of typosquats which offer to sell on a possibly-interesting domain name (domain parking, as it is often called) whilst mopping up undeserved click revenue; and 6% were classified as search sites.

Paul Ducklin also examined was the location of the servers hosting the typosquatting URLs.

The USA topped the list, hosting nearly two-thirds of the servers; Germany, China and the UK came in the next three spots. The British Virgin Islands (population approximately 30,000) and the Cayman Islands (about 60,000), which are offshore financial centres, made it into the top dozen.

The most overt bait-and-switch operation in the study abused the Apple and iTunes brands, squatting on 52 of the 241 Apple-related domains (22%) in the list, from www.abpple.com to www.applze.com.

The trick is simple. If you fat-finger www.apple.com and end up at the live-online-istore site, you see an Apple-like page.

This page appears to offer you iTunes software downloads for Windows and Mac. The "Download iTunes" button is the bait.

There is no iTunes download. If you click the button, you are whisked off to the mp3helpdesk site, which now claims to be offering you "unlimited downloads for just 0.99 a month".

Other brand misuse amongst our samples involved directly passing off the typosquat domain as the real thing. Google was the most commonly-abused brand, since it is trivial for a third-party site to present a Google-like search page and to use Google's search engine behind the scenes.

"Mistyping popular domain names wasn't as immediately dangerous as we had feared, with only one web page containing directly-malicious JavaScript," Ducklin said.

"But there were still plenty of risky URLs to which our browser was exposed simply by starting with a typosquat domain," he added.

Of the 14,495 URLs in the downloaded collection, 738 (5.1%) were categorised by SophosLabs as cybercrime or adult.


Previous
Next
Tablet Shipments Miss Third Quarter Targets, But Holiday Demand Will Spark Growth        All News        IE to Start Automatic Upgrades Across Windows XP, Windows Vista, and Windows 7
Microsoft So.cl Gives Students a New Way to Learn     General Computing News      IE to Start Automatic Upgrades Across Windows XP, Windows Vista, and Windows 7

Get RSS feed Easy Print E-Mail this Message

Related News
Social Networks Pose Security Risks
Top Ten Malware Threats Run on Microsoft Vista
Sophos Offers Free Rootkit Detection Tool

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .