3bay, mnsn or Googl? Attention to typo-squatting!

08/06/2007 Written by Roberto Preatoni (SyS64738)

 One of the newest expres­sions of cyber crime is based on typo-​squatting. “3bay​.com”, “eba6y​.it”, “googl​.com”, “mnsn​.com” , “tya​hoo​.com” are com­mon mis­takes we all com­mit while key­ing in a website’s domain, and usu­ally a mes­sage of error follows.

But now people’s typ­ing mis­takes could become a weapons used by crack­ers to per­pe­trate all sorts of cyber crimes: in few words, attack­ers are reg­is­ter­ing domain names which are very close to those of very pop­u­lar web­sites, in order to inter­cept part of their traffic.

It was assessed that over one thou­sand domain names has been recently reg­is­tered on this purpose.

Users who type these domains are re-​directed to a web-​page invit­ing them to update their ver­sion of Inter­net Explorer or to make another research using a spe­cific search-​bar. Obvi­ously such links are fake and they drw straight to the malware.

There are poor skills behind this attack since it is not based on the study of a vul­ner­a­bil­ity and it just lever on users’ low level of awareness.

Some com­pa­nies already pre­sented soft­ware that could “check” each domain’s rep­u­ta­tion using the same prin­ci­ple applied to the con­trol of e-​mail addresses’ reli­a­bil­ity –which counts on large data bases– but such tools are not com­pletely effec­tive and the only fac­tor which could make a real dif­fer­ence is con­sumers’ attention.

Share this content: