Home / News

Typosquatted Domain Names Pose Plenty of Risk But Surprisingly Little Malware

A recent study took an in-depth look at the scale and the risk of domain name typosquatting — the practice of registering mis-spellings of popular domain names in an attempt to profit from typing mistakes. "Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos," Paul Ducklin, Sophos' Asia Pacific head of technology collected HTTP data and browser screenshots from 1502 web sites and 14,495 URLs.

Ducklin wrote: "We recently surveyed a batch of lost USB keys bought from a transit authority's Lost Property auction; we hoped that the infection rate would be about 10%, but found that 66% of the keys in our study were infected. So we naively assumed that typosquat sites would be similarly incautious (either by accident or design) about malware. But out of 14,495 URLs downloaded in browsing to the 1502 sites on our list, only one contained malware. That's just 0.01% by URL, and 0.07% by fully-qualified domain name."

In his report, Ducklin analyses the data revealing unexpected results and harmful aspects of the typosquatting ecosystem.

Related topics: Cybersquatting, Domain Names, Malware, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

A more meaningful conclusion Eric Brunner-Williams  –  Dec 20, 2011 12:26 PM PDT

The study also found that DoubleClick (Google) had a revenue relation with 37% of the study sites. The distribution of its competitors in the PPC universe was discovered in the study site sample unfortunately not stated.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Afilias Announces Relaunch of .GREEN TLD

Encrypting Inbound and Outbound Email Connections with PowerMTA

New .PROMO Domain Sunrise Period Begins Today

Minds + Machines Group Announces Outsourcing Agreements, Web Address Change

.STORE Opens its Doors to Brands

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

February Biggest Month to Date for Radix, Over 750K Domain Registrations

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Radix & WHMCS Offer Free .HOST Domains to All WHMCS Customers

New .BET Domain Now Available to the Public

Radix and SnapNames Announce Exclusive Partnership

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

Radix Gives Its TLD .SPACE a Makeover

The Framework for Resilient Cybersecurity (Webinar)

New .PET Domain Available to the Public

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Priority Access Program for Verisign's First IDN New gTLD, .コム

Minds + Machines Group Expands Into Chinese Market

New .PET Domain Sunrise Period Begins January 19

Sponsored Topics

Port25

Email

Sponsored by
Port25
Verisign

Security

Sponsored by
Verisign
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Afilias

DNS Security

Sponsored by
Afilias