|
A recent study took an in-depth look at the scale and the risk of domain name typosquatting—the practice of registering mis-spellings of popular domain names in an attempt to profit from typing mistakes. “Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos,” Paul Ducklin, Sophos’ Asia Pacific head of technology collected HTTP data and browser screenshots from 1502 web sites and 14,495 URLs.
Ducklin wrote: “We recently surveyed a batch of lost USB keys bought from a transit authority’s Lost Property auction; we hoped that the infection rate would be about 10%, but found that 66% of the keys in our study were infected. So we naively assumed that typosquat sites would be similarly incautious (either by accident or design) about malware. But out of 14,495 URLs downloaded in browsing to the 1502 sites on our list, only one contained malware. That’s just 0.01% by URL, and 0.07% by fully-qualified domain name.”
In his report, Ducklin analyses the data revealing unexpected results and harmful aspects of the typosquatting ecosystem.
Sponsored byRadix
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byCSC
Sponsored byDNIB.com
The study also found that DoubleClick (Google) had a revenue relation with 37% of the study sites. The distribution of its competitors in the PPC universe was discovered in the study site sample unfortunately not stated.