Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response

Typosquatting: take 2

Created: 18 Aug 2006 07:00:00 GMT • Updated: 23 Jan 2014 18:57:46 GMT
Marc Fossi's picture
0 0 Votes
Login to vote

Typosquatting has been around for a while.For those not familiar with the term, it refers to the practice ofregistering a domain name similar to that of a legitimate Web site (forexample, symantc.com instead of symantec.com). The idea is that whenyou type the name of a site into your Web browser, there’s a chanceyou’ll make a typo, which results in you being taken to the squatter’ssite instead of the legitimate site. The squatter’s site may be a pageloaded with ads that generate revenue for them, a page that exploits abrowser vulnerability to load malicious code, adware, or spyware ontoyour computer, or a phishing site designed to look like the site youmeant to go to.

To fight typosquatting, many companieshave begun registering domain names based on common typos in theiractual names. For example, if you type gooogle.com into your browser,you’ll be redirected to google.com. Now, this works for typos withinthe domain name itself, but what if you leave the ‘o’ out of .com andinstead go to .cm?

The .cm top level domain (TLD) belongs to Cameroon. Lately, it seemsas though someone has been typosquatting unregistered domain nameswithin the .cm TLD, so that when you enter a legitimate domain butaccidentally give it a .cm extension, you’re redirected to a pagefilled with ads rather than an error page. While this may not seem toobad, the potential exists for an attacker to host Trojans or phishingsites on these squatter pages. Until someone resolves this issue, youshould always proofread the address you just typed before going to thepage.