Please read the article below and be careful what you type in future.
Typosquatting: watch out for those typos!
A misspelled URL can sometimes lead you to sites that are rigged with Trojan Horses or adware. And these can be serious trouble.
A nasty surprise was waiting last April for Internet users who wanted to reach the Google site. If they had the misfortune of misspelling the name (Googkle instead of Google), they were taken to a site that contained Trojans and spyware. Setting traps for people who made typos in well-known names such as Microsoft or Yahoo had already been done before, but this is the first time that this tactic had been used for propagating malware. Is this ploy, known as “typosquatting”, a new threat? How can you avoid the risk?
- What is typosquatting or cybersquatting?
Anyone who wants to be noticed in the vast ocean of the Internet has to offer content, products or value-added services in order to stand out from the rest and attract visitors. Failing this, some attempt to steal visitors from other sites, either by taking over their identities or by taking advantage of users’ carelessness. The first, known as cybersquatting, consists of registering the same domain names as the well-known sites, while simply changing the extension (using .com instead of .org, for example) or just adding a word. In August 2000, Yahoo won a suit against the person who had created the sites named yahoo.com.uy, yahooemail.net, yahoofree.net, yahoofree.com and yahoochat.net. All of these sites – typical examples of cybersquatting – were designed to cause confusion among Internet users and capture a portion of the traffic aimed at Yahoo’s services. Another high-profile example is the site whitehouse.com, which has nothing to do with the web site for the White House (accessible at whitehouse.gov), and takes users to a pornographic site instead. The EuroDNS affair that made headlines last February gave an idea of just how far such identity-stealing tactics could go. The Luxembourg-based company had registered 4,465 contentious domain names, including msn-messenger.fr and natureetdecouverte.fr.
Typosquatting is a more evolved form of cybersquatting. It consists of anticipating typing errors that are most likely to be made by visitors to well-known URLs, such as typing "microsft" instead of "microsoft". Last July, the AFNIC, which oversees the management of .fr domains, decided to block the use of 1,212 domain names registered by the KTLE company that were cases of typosquatting. Sckyrock.fr, nouvellesfrontiers.fr, alocine.fr, Campanil, Cdicount, Cdiscont, Staracademi, Virginmegastor and Harrypoter.fr were among the misleading names registered by KTLE. The company had also registered the name "Googlre.fr". There’s no doubt about it, the famous search engine is one of the favorite targets for cyber- and typosquatters! Google was fully aware of the problem, and made the decision to redirect any visitors who would type, for example, an extra “o” in the site address to their homepage. But there are limits to such precautions. For example, there is no provision made for visitors who type a fourth “o” and land on a site advertising online casinos.
- The extent of the threat
Why would anyone want to go to such lengths to divert a portion of visitors to well-known web sites? The first, and most obvious, reason is to increase traffic. The site owner, who may well offer services similar - or completely different - to those of the usurped site, thereby manages to promote their own site at a reduced cost, and may even succeed in selling advertising space on the strength of this traffic boost. When the target site generates a lot of traffic, the fake site may snag thousands of visitors, even if it is only a low percentage of the Internet users who incorrectly enter the URL.
From the Internet user’s viewpoint, there is no great loss, except perhaps a waste of time. But the damage done through usurped sites does not end there. Some go so far as to collect e-mail sent to mistaken addresses, such as "support@microsft.com" instead of "support@microsoft.com". This lets them effortlessly create a target database for their spamming campaigns. And, there is nothing to prevent these cyber- and typosquatters from inserting spyware or adware, Trojan Horses or even viruses in these usurped pages. Most of the companies that use these techniques have no scruples, and recourse to adware or spamming is an everyday practice. The Googkle.com incident demonstrated that these sites can be used to distribute malicious codes.
- What can I do to protect myself?
If you are unsure of the name of a site, don’t just try a hit-or-miss solution by typing in something close. Use a directory or search engine to find the correct address. To avoid any risk of contamination by adware or viruses, do not surf without the protection of a firewall and an up-to-date anti-virus program.
