Typosquat hive discovered by security researchers

The survey delivered via youtibe.com

Websense has discovered a ‘hive’ of hundreds of typosquat hosts. Domains include youtibe.com, debenhamms.com, and auotrader.co.uk – and a simple typing error by a user could result in redirection to a malicious site. Most of them are hosted on a single IP address, and are moved around to evade detection. They also, says Websense, “attempt to circumvent detection and lie low by periodically shifting from serving threats to serving default parking pages without threats.”
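A defender can screen domains seen in proxy or DNS logs for the single-character slips the three named domains illustrate. The following is an added example, not Websense's detection method: the brand watchlist is an assumption inferred from the typosquats named above, and `yuotube.com` is a constructed sample.

```python
"""Flag observed domains that are one typing slip away from a protected brand."""

# Assumed watchlist: the legitimate domains the article's typosquats imitate.
BRANDS = ["youtube.com", "debenhams.com", "autotrader.co.uk"]


def classify_typo(candidate, brand):
    """Return the single-edit typo class that turns brand into candidate, else None."""
    if candidate == brand:
        return None
    lc, lb = len(candidate), len(brand)
    i = 0  # length of the common prefix
    while i < min(lc, lb) and candidate[i] == brand[i]:
        i += 1
    if lc == lb:
        if candidate[i + 1:] == brand[i + 1:]:
            return "substitution"      # youtube -> youtibe
        if (i + 1 < lc and candidate[i] == brand[i + 1]
                and candidate[i + 1] == brand[i]
                and candidate[i + 2:] == brand[i + 2:]):
            return "transposition"     # two neighbouring letters swapped
    elif lc == lb + 1 and candidate[i + 1:] == brand[i:]:
        return "insertion"             # debenhams -> debenhamms
    elif lc + 1 == lb and candidate[i:] == brand[i + 1:]:
        return "omission"              # autotrader -> auotrader
    return None


def find_typosquats(observed, brands=BRANDS):
    """Return (domain, brand, typo_class) for every observed near-miss."""
    hits = []
    for raw in observed:
        domain = raw.strip().lower().rstrip(".")  # normalise case and root dot
        for brand in brands:
            kind = classify_typo(domain, brand)
            if kind:
                hits.append((domain, brand, kind))
    return hits


# Constructed sample of hostnames as they might appear in DNS or proxy logs.
SAMPLE = ["youtibe.com", "Debenhamms.com.", "auotrader.co.uk",
          "youtube.com", "example.org", "yuotube.com"]

if __name__ == "__main__":
    for domain, brand, kind in find_typosquats(SAMPLE):
        print(f"{domain:20} looks like {brand:18} ({kind})")
```

Because the hive reportedly alternates between serving threats and serving parking pages, a name-based match like this keeps flagging a host during the periods when its content looks benign.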

“Users are busy and can easily misspell as they navigate the web,” explains Carl Leonard, senior security researcher at Websense. “And that's exactly what the cybercriminals are counting on as they typosquat popular domains. Websense Security Labs has uncovered a 'typosquat hive' of hundreds of hosts leading to spam websites and survey scams requesting personal information and credit card details. Scams like this open the door to malware and without layered security defenses, 'fat fingers' could give users thinner wallets and open companies up to potential data loss.”

Websense analyzed the youtibe.com domain. It leads to socialsurvey.chattycatty.com, where the YouTube association is continued with a lookalike logo. The landing page, however, offers gifts in exchange for taking part “in our annual visitor survey.” But Websense warns, “After completing the ‘survey’, the user is offered the option to sign up for a paid and automatically renewed monthly subscription service with an additional enticing gift at a low price. The user is then asked to enter their credit card details.”
