Friday, November 23, 2007

The State of Typosquatting - 2007

The recently released "What’s In A Name: The State of Typo-Squatting 2007" is a very in-depth and well segmented study into the topic, you should consider going through :

Introduction
Typo- and Cyber-squatting on the rise
Key Findings
Methodology
Rankings by Category
Sample site: McAfee.com
The Economics of Typo-Squatting: Why it Works
What is driving the increase in typo-squatting
The decline in adult content on typo-squatters
Discussion of our methodology
Defining Typo-Squatting
Other Methods for Combating Typo-Squatting
Conclusions
Complete Results

Is it just me using bookmarks and only risking to fall victim into a pharming attack, compared to manually typing and mistyping an URL? My point is that coming across several articles emphasizing how important typing the right URLs is, I think they've missed an important point which is that typosquatting by itself isn't that big of a security threat, but in a combination of tactics it becomes such. There's no chance you will ever mistype an URL such as paypal-comlwebscrc-login-run.com, a typosquatted domain like the ones I covered in September, since these ones come in as phishing emails hosting a Rock Phish kit, namely they turn into threats when combined with other tactics. Blackhat SEO is another such tactic. The type of buy-cheap-iphones.com always aim to trick search engines into positioning them among the first 20 results, and they often succeed until a search engine figures out it's a blackhat SEO spam and removes it from the index.

Here's an example of such combination of tactics, use-iphone.com for instance was spammed according McAfee, the folks behind the study. What's was use-iphone.com all about? Icepack kit in action - use-iphone.com/ice-pack/index.php.

No comments:

Post a Comment