Home / News

Typosquatted Domain Names Pose Plenty of Risk But Surprisingly Little Malware

By CircleID Reporter
  • December 15, 2011, 7:56 pm PST
  • Views: 17,768
  • Comments: 1

A recent study took an in-depth look at the scale and the risk of domain name typosquatting—the practice of registering mis-spellings of popular domain names in an attempt to profit from typing mistakes. “Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos,” Paul Ducklin, Sophos’ Asia Pacific head of technology collected HTTP data and browser screenshots from 1502 web sites and 14,495 URLs.

Ducklin wrote: “We recently surveyed a batch of lost USB keys bought from a transit authority’s Lost Property auction; we hoped that the infection rate would be about 10%, but found that 66% of the keys in our study were infected. So we naively assumed that typosquat sites would be similarly incautious (either by accident or design) about malware. But out of 14,495 URLs downloaded in browsing to the 1502 sites on our list, only one contained malware. That’s just 0.01% by URL, and 0.07% by fully-qualified domain name.”

In his report, Ducklin analyses the data revealing unexpected results and harmful aspects of the typosquatting ecosystem.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

A more meaningful conclusion Eric Brunner-Williams  –  Dec 20, 2011 7:26 PM

The study also found that DoubleClick (Google) had a revenue relation with 37% of the study sites. The distribution of its competitors in the PPC universe was discovered in the study site sample unfortunately not stated.

# 1 Reply  |  Link  |  Report Problems

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

View All Topics