Home / News

Typosquatted Domain Names Pose Plenty of Risk But Surprisingly Little Malware

A recent study took an in-depth look at the scale and the risk of domain name typosquatting — the practice of registering mis-spellings of popular domain names in an attempt to profit from typing mistakes. "Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos," Paul Ducklin, Sophos' Asia Pacific head of technology collected HTTP data and browser screenshots from 1502 web sites and 14,495 URLs.

Ducklin wrote: "We recently surveyed a batch of lost USB keys bought from a transit authority's Lost Property auction; we hoped that the infection rate would be about 10%, but found that 66% of the keys in our study were infected. So we naively assumed that typosquat sites would be similarly incautious (either by accident or design) about malware. But out of 14,495 URLs downloaded in browsing to the 1502 sites on our list, only one contained malware. That's just 0.01% by URL, and 0.07% by fully-qualified domain name."

In his report, Ducklin analyses the data revealing unexpected results and harmful aspects of the typosquatting ecosystem.

Related topics: Cybersquatting, Domain Names, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


A more meaningful conclusion Eric Brunner-Williams  –  Dec 20, 2011 11:26 AM PST

The study also found that DoubleClick (Google) had a revenue relation with 37% of the study sites. The distribution of its competitors in the PPC universe was discovered in the study site sample unfortunately not stated.

To post comments, please login or create an account.

Related Blogs

Officially Compromised Privacy

The Emotional Cost of Cybercrime

Why I Wrote 'Thinking Security'

Regulation and Reason

In Network Security Design, It's About the Users

Related News


Industry Updates – Sponsored Posts

Radix's .ONLINE Fastest to Sell 100,000 Domains

.PRO Domains Now Available to All

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

LogicBoxes Announces Pioneer Registrar Program

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

City of Miami 3rd in U.S. to Launch Dedicated TLD

Internet Grows to 296 Million Domain Names in Q2 2015

.Online Becomes the Fastest TLD to Sell 50,000 Domains

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

.ONLINE GA Launches with 28,000 Registrations in the First 30 Minutes

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Influential Law Firms Have Become Early Adopters of '.law' TLD

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

40+ Pioneers Signed on for .TECH, as it Enters EAP Today

WeddingWire Joins Minds + Machines As New TLD '.Wedding' Pioneer

LogicBoxes Introduces DomainBridge

Carlsberg Group Joins Minds + Machines Pioneer Program

Introducing the Verisign DNS Firewall

Sponsored Topics