Sophos Underlines Risks Of Mistyping Websites' URLs
Your fingers fumble over each other, and before you know it you're not on google.com but goole.com instead. However, there are people waiting to take advantage of it.
Security expert Paul Ducklin has taken an indepth look at the scale and the risk of the typosquatting industry: registering misspellings of popular website domain names in an attempt to profit from typing mistakes.
Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos, Ducklin collected data from 1502 websites and 14,495 URLs.
According to the report, 384 of the URLs (2.7%) downloaded when visiting a typosquat site fell into the loose category of cybercrime. That means they are, or have been, associated with hacking, phishing, online fraud or spamming. And 354 of the URLs (2.4%) were adult or dating sites.
The other categories highlighted in the breakdown give a high-level insight into the typosquatting ecosystem. Unsurprisingly, 15% of the URLs were tagged as advertising sites and popups; 12% related to IT and hosting, representing the large number of typosquats which offer to sell on a possibly-interesting domain name (domain parking, as it is often called) whilst mopping up undeserved click revenue; and 6% were classified as search sites.
Paul Ducklin also examined was the location of the servers hosting the typosquatting URLs.
The USA topped the list, hosting nearly two-thirds of the servers; Germany, China and the UK came in the next three spots. The British Virgin Islands (population approximately 30,000) and the Cayman Islands (about 60,000), which are offshore financial centres, made it into the top dozen.
The most overt bait-and-switch operation in the study abused the Apple and iTunes brands, squatting on 52 of the 241 Apple-related domains (22%) in the list, from www.abpple.com to www.applze.com.
The trick is simple. If you fat-finger www.apple.com and end up at the live-online-istore site, you see an Apple-like page.
This page appears to offer you iTunes software downloads for Windows and Mac. The "Download iTunes" button is the bait.
There is no iTunes download. If you click the button, you are whisked off to the mp3helpdesk site, which now claims to be offering you "unlimited downloads for just 0.99 a month".
Other brand misuse amongst our samples involved directly passing off the typosquat domain as the real thing. Google was the most commonly-abused brand, since it is trivial for a third-party site to present a Google-like search page and to use Google's search engine behind the scenes.
"Mistyping popular domain names wasn't as immediately dangerous as we had feared, with only one web page containing directly-malicious JavaScript," Ducklin said.
"But there were still plenty of risky URLs to which our browser was exposed simply by starting with a typosquat domain," he added.
Of the 14,495 URLs in the downloaded collection, 738 (5.1%) were categorised by SophosLabs as cybercrime or adult.
Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos, Ducklin collected data from 1502 websites and 14,495 URLs.
According to the report, 384 of the URLs (2.7%) downloaded when visiting a typosquat site fell into the loose category of cybercrime. That means they are, or have been, associated with hacking, phishing, online fraud or spamming. And 354 of the URLs (2.4%) were adult or dating sites.
The other categories highlighted in the breakdown give a high-level insight into the typosquatting ecosystem. Unsurprisingly, 15% of the URLs were tagged as advertising sites and popups; 12% related to IT and hosting, representing the large number of typosquats which offer to sell on a possibly-interesting domain name (domain parking, as it is often called) whilst mopping up undeserved click revenue; and 6% were classified as search sites.
Paul Ducklin also examined was the location of the servers hosting the typosquatting URLs.
The USA topped the list, hosting nearly two-thirds of the servers; Germany, China and the UK came in the next three spots. The British Virgin Islands (population approximately 30,000) and the Cayman Islands (about 60,000), which are offshore financial centres, made it into the top dozen.
The most overt bait-and-switch operation in the study abused the Apple and iTunes brands, squatting on 52 of the 241 Apple-related domains (22%) in the list, from www.abpple.com to www.applze.com.
The trick is simple. If you fat-finger www.apple.com and end up at the live-online-istore site, you see an Apple-like page.
This page appears to offer you iTunes software downloads for Windows and Mac. The "Download iTunes" button is the bait.
There is no iTunes download. If you click the button, you are whisked off to the mp3helpdesk site, which now claims to be offering you "unlimited downloads for just 0.99 a month".
Other brand misuse amongst our samples involved directly passing off the typosquat domain as the real thing. Google was the most commonly-abused brand, since it is trivial for a third-party site to present a Google-like search page and to use Google's search engine behind the scenes.
"Mistyping popular domain names wasn't as immediately dangerous as we had feared, with only one web page containing directly-malicious JavaScript," Ducklin said.
"But there were still plenty of risky URLs to which our browser was exposed simply by starting with a typosquat domain," he added.
Of the 14,495 URLs in the downloaded collection, 738 (5.1%) were categorised by SophosLabs as cybercrime or adult.
