Share

Related Links

Related Stories

Top 5 Stories

News

Typosquat hive discovered by security researchers

31 January 2013

Typosquatting is not a new phenomenon – it seeks to capitalize on misspelled legitimate URLs to direct users to different malicious websites. But this latest example is typosquatting on an industrial scale.

Websense has discovered a ‘hive’ of hundreds of typosquat hosts. Domains include youtibe.com, debenhamms.com, and auotrader.co.uk – and a simple typing error by a user could result in redirection to a malicious site. Most of them are hosted on a single IP address, and are moved around to evade detection. They also, says Websense, “attempt to circumvent detection and lie low by periodically shifting from serving threats to serving default parking pages without threats.”

“Users are busy and can easily misspell as they navigate the web,” explains Carl Leonard, senior security researcher at Websense. “And that's exactly what the cybercriminals are counting on as they typosquat popular domains. Websense Security Labs has uncovered a 'typosquat hive' of hundreds of hosts leading to spam websites and survey scams requesting personal information and credit card details. Scams like this open the door to malware and without layered security defenses, 'fat fingers' could give users thinner wallets and open companies up to potential data loss.”

Websense analyzed the youtibe.com domain. It leads to socialsurvey.chattycatty.com, where the YouTube association is continued with a lookalike logo. The landing page, however, offers gifts in exchange for taking part “in our annual visitor survey.” But Websense warns, “After completing the ‘survey’, the user is offered the option to sign up for a paid and automatically renewed monthly subscription service with an additional enticing gift at a low price. The user is then asked to enter their credit card details.”

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×