Friday, November 23, 2007

The State of Typosquatting - 2007

The recently released "What’s In A Name: The State of Typo-Squatting 2007" is a very in-depth and well segmented study into the topic, you should consider going through :

Typo- and Cyber-squatting on the rise
Key Findings
Rankings by Category
Sample site:
The Economics of Typo-Squatting: Why it Works
What is driving the increase in typo-squatting
The decline in adult content on typo-squatters
Discussion of our methodology
Defining Typo-Squatting
Other Methods for Combating Typo-Squatting
Complete Results

Is it just me using bookmarks and only risking to fall victim into a pharming attack, compared to manually typing and mistyping an URL? My point is that coming across several articles emphasizing how important typing the right URLs is, I think they've missed an important point which is that typosquatting by itself isn't that big of a security threat, but in a combination of tactics it becomes such. There's no chance you will ever mistype an URL such as, a typosquatted domain like the ones I covered in September, since these ones come in as phishing emails hosting a Rock Phish kit, namely they turn into threats when combined with other tactics. Blackhat SEO is another such tactic. The type of always aim to trick search engines into positioning them among the first 20 results, and they often succeed until a search engine figures out it's a blackhat SEO spam and removes it from the index.

Here's an example of such combination of tactics, for instance was spammed according McAfee, the folks behind the study. What's was all about? Icepack kit in action -

No comments:

Post a Comment