Monday, December 22, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Samsung Introduces SE790C Curved Monitor
Chinese Motion-sensing VR Glasses Coming On Kickstarter
Kodak Returns To CES With Consumer Product Line
North Korea Suggests Joint Inverstigation With U.S. Over Sony Hacking
T-Mobile to Pay $90 Million To Settle Case With FCC
New Trojan Targetted Banks Wordlwide
FBI Confirms North Korea Was Behind Sony Hack
Apple Responds To BBC's Allegations Over Working Conditions In Chinese Factory
Active Discussions
Digital Audio Extraction and Plextools
Will there be any trade in scheme for the coming PSP Go?
Hello, Glad to be Aboard!!!
Best optical drive for ripping CD's? My LG 4163B is mediocre.
Hi All!
cdrw trouble
CDR for car Sat Nav
DVD/DL for Optiarc 7191S at 8X
 Home > News > General Computing > Sophos ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, December 15, 2011
Sophos Underlines Risks Of Mistyping Websites' URLs


Your fingers fumble over each other, and before you know it you're not on google.com but goole.com instead. However, there are people waiting to take advantage of it.

Security expert Paul Ducklin has taken an indepth look at the scale and the risk of the typosquatting industry: registering misspellings of popular website domain names in an attempt to profit from typing mistakes.

Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos, Ducklin collected data from 1502 websites and 14,495 URLs.

According to the report, 384 of the URLs (2.7%) downloaded when visiting a typosquat site fell into the loose category of cybercrime. That means they are, or have been, associated with hacking, phishing, online fraud or spamming. And 354 of the URLs (2.4%) were adult or dating sites.

The other categories highlighted in the breakdown give a high-level insight into the typosquatting ecosystem. Unsurprisingly, 15% of the URLs were tagged as advertising sites and popups; 12% related to IT and hosting, representing the large number of typosquats which offer to sell on a possibly-interesting domain name (domain parking, as it is often called) whilst mopping up undeserved click revenue; and 6% were classified as search sites.

Paul Ducklin also examined was the location of the servers hosting the typosquatting URLs.

The USA topped the list, hosting nearly two-thirds of the servers; Germany, China and the UK came in the next three spots. The British Virgin Islands (population approximately 30,000) and the Cayman Islands (about 60,000), which are offshore financial centres, made it into the top dozen.

The most overt bait-and-switch operation in the study abused the Apple and iTunes brands, squatting on 52 of the 241 Apple-related domains (22%) in the list, from www.abpple.com to www.applze.com.

The trick is simple. If you fat-finger www.apple.com and end up at the live-online-istore site, you see an Apple-like page.

This page appears to offer you iTunes software downloads for Windows and Mac. The "Download iTunes" button is the bait.

There is no iTunes download. If you click the button, you are whisked off to the mp3helpdesk site, which now claims to be offering you "unlimited downloads for just 0.99 a month".

Other brand misuse amongst our samples involved directly passing off the typosquat domain as the real thing. Google was the most commonly-abused brand, since it is trivial for a third-party site to present a Google-like search page and to use Google's search engine behind the scenes.

"Mistyping popular domain names wasn't as immediately dangerous as we had feared, with only one web page containing directly-malicious JavaScript," Ducklin said.

"But there were still plenty of risky URLs to which our browser was exposed simply by starting with a typosquat domain," he added.

Of the 14,495 URLs in the downloaded collection, 738 (5.1%) were categorised by SophosLabs as cybercrime or adult.


Previous
Next
Tablet Shipments Miss Third Quarter Targets, But Holiday Demand Will Spark Growth        All News        IE to Start Automatic Upgrades Across Windows XP, Windows Vista, and Windows 7
Microsoft So.cl Gives Students a New Way to Learn     General Computing News      IE to Start Automatic Upgrades Across Windows XP, Windows Vista, and Windows 7

Get RSS feed Easy Print E-Mail this Message

Related News
Social Networks Pose Security Risks
Top Ten Malware Threats Run on Microsoft Vista
Sophos Offers Free Rootkit Detection Tool

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .