Microsoft outs typo-squatting menace
Microsoft has released an Internet Explorer plug-in that reveals the true scale of the phenomenon of squatting popular URLs with misspelled equivalents.
A domain can be typed into the Stryder URL Tracer tool and used to generate all the misspelled sites -- the "typo neighborhood" as Microsoft terms it -- that are hanging off it. These can be analyzed in some detail, including sub and linked domains, and blocked if desired.
According to the company, the technique of registering typos of popular domains has turned into a good business thanks to Google's AdSense for domains program.
AdSense is a free service whereby Google will bring up ads for inactive or "parked" domains, and is widely used by so-called "typo-squatters" to generate ad traffic from domains registering using any one of a multitude of common misspellings.
These can promote a range of unrelated services including, in some cases, porn, spyware and phishing. The majority of them appear to be with registered using a small number of domain-parking services, including at least one owned by Google itself.
The number of domains that can be generated from one popular URL is vast. As well as missing or adding characters near the beginning or end of a URL, they can also use missing dots between address fields, and random character permutations within the address.
The more popular and established a domain, the more likely it is to attract the interest of the typo domain squatters. Washington Post and Slashdot are two domains that appear to generate a long list of squatting domains, while even Microsoft itself has been targeted by the domain squatters.
"Our Typo-Patrol work proposes the first automatic and systematic approach to discovering and analyzing typo domains and typo-squatters," the authors of Microsoft's detailed report on the subject states.
"We encourage parking services that are really serious about enforcing their policies to use our tool to discover systematic typo-squatting domains that participate in their parking programs and to identify large-scale typo-squatters among their customers," the paper concludes.
The tool can be downloaded from the Microsoft website (installation requires IE 6.0 and version 2.0 of the .Net framework).
Tags : Microsoft : typo-squatting: Online Security
A domain can be typed into the Stryder URL Tracer tool and used to generate all the misspelled sites -- the "typo neighborhood" as Microsoft terms it -- that are hanging off it. These can be analyzed in some detail, including sub and linked domains, and blocked if desired.
According to the company, the technique of registering typos of popular domains has turned into a good business thanks to Google's AdSense for domains program.
AdSense is a free service whereby Google will bring up ads for inactive or "parked" domains, and is widely used by so-called "typo-squatters" to generate ad traffic from domains registering using any one of a multitude of common misspellings.
These can promote a range of unrelated services including, in some cases, porn, spyware and phishing. The majority of them appear to be with registered using a small number of domain-parking services, including at least one owned by Google itself.
The number of domains that can be generated from one popular URL is vast. As well as missing or adding characters near the beginning or end of a URL, they can also use missing dots between address fields, and random character permutations within the address.
The more popular and established a domain, the more likely it is to attract the interest of the typo domain squatters. Washington Post and Slashdot are two domains that appear to generate a long list of squatting domains, while even Microsoft itself has been targeted by the domain squatters.
"Our Typo-Patrol work proposes the first automatic and systematic approach to discovering and analyzing typo domains and typo-squatters," the authors of Microsoft's detailed report on the subject states.
"We encourage parking services that are really serious about enforcing their policies to use our tool to discover systematic typo-squatting domains that participate in their parking programs and to identify large-scale typo-squatters among their customers," the paper concludes.
The tool can be downloaded from the Microsoft website (installation requires IE 6.0 and version 2.0 of the .Net framework).
Tags : Microsoft : typo-squatting: Online Security