Home / News

Typosquatted Domain Names Pose Plenty of Risk But Surprisingly Little Malware

A recent study took an in-depth look at the scale and the risk of domain name typosquatting — the practice of registering mis-spellings of popular domain names in an attempt to profit from typing mistakes. "Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos," Paul Ducklin, Sophos' Asia Pacific head of technology collected HTTP data and browser screenshots from 1502 web sites and 14,495 URLs.

Ducklin wrote: "We recently surveyed a batch of lost USB keys bought from a transit authority's Lost Property auction; we hoped that the infection rate would be about 10%, but found that 66% of the keys in our study were infected. So we naively assumed that typosquat sites would be similarly incautious (either by accident or design) about malware. But out of 14,495 URLs downloaded in browsing to the 1502 sites on our list, only one contained malware. That's just 0.01% by URL, and 0.07% by fully-qualified domain name."

In his report, Ducklin analyses the data revealing unexpected results and harmful aspects of the typosquatting ecosystem.

Related topics: Cybersquatting, Domain Names, Malware, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

A more meaningful conclusion Eric Brunner-Williams  –  Dec 20, 2011 12:26 PM PDT

The study also found that DoubleClick (Google) had a revenue relation with 37% of the study sites. The distribution of its competitors in the PPC universe was discovered in the study site sample unfortunately not stated.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

New TLD? Make Sure It's Secure

Radix Launches Startup League at TechCrunch

Celebrating One Year of .online

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

LogicBoxes Launches the New Elite Reseller Program

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Effective Strategies to Build Your Reseller Channel (Webinar)

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

.STORE Grosses Over $1 Million Before the Close of Day 1

News.Markets: A Rising Star in the World of Financial Trading and New TLDs

Verisign Announces .コム Domain Names Are Now Available for Anyone to Register

NBA & NFL Teams Drive .store Sunrise Score to 647

New TLD .STORE Crosses 500+ Sunrise Applications

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Meet Boston Ivy, Home to Some of the Most Specialized TLDs in the Financial Services Sector

Move Beyond Defensive Domain Name Registrations, Towards Strategic Thinking

Is Your TLD Threat Mitigation Strategy up to Scratch?

Verisign Launches New gTLDs for the Korean Market, .닷컴 and .닷넷

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Port25

Email

Sponsored by
Port25
Afilias

DNS Security

Sponsored by
Afilias
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services