Is there an epidemic of typo squatting?
One of our readers, Jim, wrote in earlier today to say he has noticed an increase in "working" typo squatting over the last 2 months or so. That is, he's seen users accidently surfing to them or being redirected there by some sort of malicious javascript trickery. His question for us (and the rest of you) is, is this a local phenomenon or are the bad guys making more use of this tactic? I'm not currently setup to monitor this type of activity, so I figured I'd ask our loyal readers. Do you monitor your proxy and DNS logs for this type of activity and have you seen an increase? Leave a comment below or our contact form to let us know. Below are just a few examples of the domains he has seen.
Bogus domains include:
- audilble.com
- boatrader.com
- charleesschwab.com
- chsse.com
- cnnmonet.com
- dilymail.co.uk
- loanadminstration.com
- myunh.com
- nydailnews.com
- nydailynew.com
- nyeater.com
- nylottory.org
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
LINUX Incident Response and Threat Hunting | Online | US Eastern | Jan 29th - Feb 3rd 2025 |
Comments
GA
May 7th 2013
1 decade ago
joeblow
May 7th 2013
1 decade ago
@joeblow: Registrars are supposed to be completely ignorant of what domains they register for which person. That's part of the net neutrality. As I said above - your typosquatting domain is my pet shop homepage...
Visi
May 7th 2013
1 decade ago
Jim
May 7th 2013
1 decade ago
Bob
May 7th 2013
1 decade ago
JacL
May 7th 2013
1 decade ago
Yes, we monitor this through our proxy and no, we have not seen an increase of events related typo-squatted domain names.
JacL
May 7th 2013
1 decade ago
WSpu
May 7th 2013
1 decade ago