Analysis: the Typosquatting trade

Powered by SC Magazine
 

Typosquatting pages and their victims are sold off on the criminal underground.

Type “goggle” instead of “google” and you still end up at Google. But type “twiter” instead of “twitter” and you end up at a deceptively similar scam site designed to collect personal user information.

At best, typosquatting causes inconvenience. At worst, it causes data theft and exposes the victim to exploits, malware, and phishing scams.

Websense Security Labs recently analysed common typos that occur when trying to reach Facebook. The typosquatting pages rely on typing errors based on keyboard character distance, common repeats, and omissions.

The Labs also studied objectionable links generated by these typos. They found that over 62 per cent of the links lead to bot networks, phishing, or malicious websites.


Twitter, for example, is the subject of numerous false sites including: 

·   ttwitter.com 
·   twwitter.com 
·   twiitter.com 
·   twittter.com 
·   twitterr.com 
·   twutter.com 
·   twiter.com 
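
The typo classes Websense describes (keyboard character distance, repeats, omissions) can be checked mechanically when triaging look-alike domains for defensive registration or blocking. The following Python is an added example, not code from the article or from Websense; the simplified QWERTY grid and the function names are assumptions.

```python
# Added example: sort look-alike domains into the typo classes the article names.
# Assumption: a simplified QWERTY grid (letters only) stands in for key distance.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]

def build_adjacency(rows):
    """Map each key to the keys beside, above and below it on the grid."""
    adj = {}
    for r, row in enumerate(rows):
        for c, key in enumerate(row):
            near = set()
            for rr in range(max(r - 1, 0), min(r + 2, len(rows))):
                for cc in range(max(c - 1, 0), min(c + 2, len(rows[rr]))):
                    if (rr, cc) != (r, c):
                        near.add(rows[rr][cc])
            adj[key] = near
    return adj

ADJACENT = build_adjacency(ROWS)

def classify_typo(candidate, brand):
    """Return 'exact', 'repeat', 'omission', 'adjacent-key' or None."""
    cand = candidate.lower().split(".")[0]   # compare the first DNS label only
    real = brand.lower().split(".")[0]
    if cand == real:
        return "exact"
    if len(cand) == len(real) + 1:           # one extra, doubled character
        for i in range(len(cand) - 1):
            if cand[i] == cand[i + 1] and cand[:i] + cand[i + 1:] == real:
                return "repeat"
    if len(cand) == len(real) - 1:           # one character left out
        if any(real[:i] + real[i + 1:] == cand for i in range(len(real))):
            return "omission"
    if len(cand) == len(real):               # one key swapped for a neighbour
        diffs = [(a, b) for a, b in zip(cand, real) if a != b]
        if len(diffs) == 1 and diffs[0][0] in ADJACENT.get(diffs[0][1], ()):
            return "adjacent-key"
    return None                              # not a single-edit typo we model

def triage(domains, brand):
    """Group domains by typo class; unmatched names go under 'unclassified'."""
    groups = {}
    for d in domains:
        groups.setdefault(classify_typo(d, brand) or "unclassified", []).append(d)
    return groups

# Sample input: the look-alike names listed in the article, plus one control.
OBSERVED = ["ttwitter.com", "twwitter.com", "twiitter.com", "twittter.com",
            "twitterr.com", "twutter.com", "twiter.com", "example.com"]

if __name__ == "__main__":
    for kind, names in triage(OBSERVED, "twitter.com").items():
        print(kind, names)
```
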

Many of the most popular websites (including Amazon and Google) have registered web sites with such typos and spelling errors to safeguard users.

Others that don't take such steps can find their users falling prey to typosquatting. And if the typo site has already been registered, the legitimate company can face a long legal battle.

Many months after Twitter won its dispute against twiter.com, the site is still redirecting to a scam survey.

Given the millions of users trying to reach the world's most popular websites, the value to a criminal of a good typosquatting address is high. It's just a matter of finding a way of using the visitor numbers to generate dollars. 

The high premium phone numbers scam

One way of making money is to present cost-per-action scams or to register visitors to high-premium phone number services. The attacker registers, or leases from other cybercriminals, several typosquatting sites for the one leading web address. They then redirect the typosquat sites to another site.

This occurs globally with some of the twitter.com variants. Visitors are redirected to a site where they are presented with a screen that tells them they have been selected to complete a survey for a chance to win a gift such as an iPhone 4S. After they complete the survey, the visitor is asked to enter their phone number, which quietly subscribes them to a service that costs more than $2 per message or $6 per week.

One of the spam sites used in this campaign is video-rewardz.com, which, at its peak in late 2011, achieved a top-250 ranking in the global Alexa web analytics listings. Related spam sites include:

·   videorewardcentral.com 
·   videorewardsonline.com 
·   socialupdatepanel.com 
·   videorewardstoday.com 
·   videorewardsnow.com 
·   giveaway-winner.com 
·   videorewardspace.com 
·   video-reward.com 
·   videorewardspot.com 

The campaign is widespread and includes frequently visited registered typosquatting domains in all areas ranging from Google to Victoria's Secret, and Wikipedia to Craigslist. The Websense ThreatSeeker Network has discovered over 7000 typosquatting sites within this single network.

What's it worth?

Websense estimates the total number of daily visits for just one spam site – video-rewardz.com – at 871,915. Daily page views are around 4,010,808. Based on online website valuation tools such as worthofweb.com, this puts a value of $20,545,371 on the video-rewardz.com website. It's a substantial sum.

Currently, the spam advertisements used in the campaign are not installing malware on users’ computers. But what if these networks are resold to underground groups with that intent?

If the downloads were changed to contain data-stealing malware (a fairly easy process), the outcome could be devastating for people trying to protect corporate and personal data. 

Careful typing helps, but will never be enough, so it's highly recommended that companies install security that protects email and web browsing, and protects against data theft.

Copyright © SC Magazine, Australia

