
      MS Research: Typo-Squatters Are Gaming Google

      By Ryan Naraine - December 19, 2005

        Researchers at Microsoft Corp. have blown the lid off a large-scale typo-squatting scheme that uses multi-layer URL redirection to game Google’s AdSense for domains program.

        The scheme was uncovered when Redmond lab rats decided to extend their HoneyMonkey exploit detection system, a project that runs automatic and systematic Web scans to investigate the seedier side of the Internet.

        With the new Strider Typo-Patrol System, the Microsoft Research Systems Management Research Group was able to track down a ring of typo-squatters registering misspelled domain names and generating traffic to serve advertising from Google.

        Using five programmatic typo-generation models, the researchers pinpointed a series of domain-registration structures being used by “major typo-squatters” to steal traffic from some of the biggest Internet brands, including Amazon.com, Expedia.com and Mapquest.com.


        The scheme was traced to Unasi Inc., a company registered in Panama. Almost all of the misspelled URLs found are parked with Oingo.com, a domain parking server owned by Google Inc.

        According to data from Microsoft, domain names are being registered with deliberate missing-dot typos, character omission typos, character permutation typos, character replacement typos and character insertion typos.

        For example, instead of the legitimate “www.microsoft.com,” the domain “www.microsokft.com” has been registered and set up to redirect to another misspelled domain that currently serves up Google AdSense advertising for software products.
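The five typo models can be turned into a check that a defender runs over hostnames seen in DNS or proxy logs. The following is an added example, not code from Microsoft's Strider Typo-Patrol System: the single-edit definitions of each model, the function names and the constructed sample hostnames are assumptions, and the protected hostnames are inferred from the misspellings quoted in the article.

```python
# Added example; single-edit model definitions are assumptions, not Strider's rules.
def _one_deletion(longer, shorter):
    """Return index i where deleting longer[i] yields shorter, else -1."""
    for i in range(len(longer)):
        if longer[:i] + longer[i + 1:] == shorter:
            return i
    return -1

def classify_typo(legit, observed):
    """Name the typo model that turns `legit` into `observed`, or None."""
    legit, observed = legit.lower().rstrip("."), observed.lower().rstrip(".")
    if len(observed) == len(legit) - 1:
        i = _one_deletion(legit, observed)
        if i >= 0:
            return "missing-dot" if legit[i] == "." else "omission"
    elif len(observed) == len(legit) + 1:
        if _one_deletion(observed, legit) >= 0:
            return "insertion"
    elif len(observed) == len(legit):
        diff = [i for i, (a, b) in enumerate(zip(legit, observed)) if a != b]
        if len(diff) == 1:
            return "replacement"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and legit[diff[0]] == observed[diff[1]]
                and legit[diff[1]] == observed[diff[0]]):
            return "permutation"
    return None  # identical, or more than one edit away

def flag_typo_hosts(protected, observed_hosts):
    """Map each observed host one typo away from a protected host to (host, model)."""
    hits = {}
    for host in observed_hosts:
        for legit in protected:
            model = classify_typo(legit, host)
            if model:
                hits[host] = (legit, model)
                break
    return hits

PROTECTED = ["www.microsoft.com", "disneyland.com", "google.com", "bankofamerica.com"]
OBSERVED = [  # first four are quoted in the article; the rest are constructed
    "www.microsokft.com", "disnryland.com", "googkle.com", "bankofdamerica.com",
    "wwwmicrosoft.com", "www.micrsoft.com", "www.micorsoft.com",
    "www.microsoft.com", "www.example.org",  # legitimate / unrelated
]

if __name__ == "__main__":
    for host, (legit, model) in flag_typo_hosts(PROTECTED, OBSERVED).items():
        print(f"{host:20} typo of {legit:18} [{model}]")
```
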

        Some of the domains move around between domain parking services or between anchor domains over time as part of a “multi-layer redirection structure” that makes it difficult to trace.

        The Microsoft researchers found that Web sites aimed at kids were a regular target. Several variations of Disney Channel’s “kimpossible.com” have been registered and all redirect to a parked anchor for the misspelled “disnryland.com.” On that site, Google AdSense ads for adult content and pornography are being served.

        The data from the Strider Typo-Patrol System also highlighted the use of typo-squatting in phishing attacks. Web sites belonging to Bank of America Corp., Barclays Bank PLC and Citigroup Inc. have all been targeted, with misspelled variations of domains pointing to fake banking sites with Google ads tailored to financial services.

        In an interesting twist, the Google ads sometimes point back to the actual site that is deliberately misspelled, meaning that companies are paying per-click fees to the scammers.

        The key to the scheme is Google’s AdSense for domains program, which lets users split revenue from advertising served on parked domains. Google boasts that the service powers more than 3 million domain names.

        However, as the Microsoft researchers point out, the use of deliberately misspelled URLs in the program may be a violation of Google’s terms of service, which clearly restrict “site promotion of incentive or fraudulent clicking.”


        Google itself has been a target of typo-squatters. Earlier this year, the deliberately misspelled “googkle.com” domain was used to install Trojan droppers, downloaders, backdoors and spyware when an unsuspecting surfer mistyped the search giant’s domain name.

        Google filed a complaint with the National Arbitration Forum and won the rights to several of the misspelled domain names.

        Several anti-virus vendors have also seen evidence of typo-squatters making money by redirecting surfers to fake sites packed with Google AdSense ads.

        More than two months after Finnish anti-virus specialist F-Secure Corp. complained that it was a favorite target of the typo-squatters, the fake sites are still up and running and serving Google ads.

        So far, the researchers say they have not found any exploit sites hosted on typo-squatting domains. However, Microsoft believes the Strider Typo-Patrol System can help domain-parking service providers monitor the parked domains they are hosting for questionable behaviors.

        Ben Edelman, a security researcher and Harvard University Ph.D. candidate, said Google’s domain parking system is “full of very troubling registrations.”

        “It’s not uncommon to see [misspelled] domains like bankofdamerica.com, which ultimately get all of their revenue from Google, yet which are clearly prohibited under settled trademark law,” Edelman said.

        “That doesn’t seem to bother Google, though; Google takes the odd position that they’re not responsible for where their ads end up, even when they’re paying domain registrants to show the ads there.”


        Edelman, who has written extensively on the problem of Large-Scale Registration of Domains with Typographical Errors, said Google is supporting the shady business.

        “[By] dramatically increasing the revenue that cyber-squatters can earn, Google encourages the cyber-squatting business and makes marginal squatting domains profitable—further increasing the scope of this problem,” he added.

        “It’s particularly troubling when a cyber-squatter’s Google ads end up promoting the very merchant who’s being squatted on. Then the advertiser ends up paying for traffic on their own typos—with Google and the cyber-squatter making money as a result,” Edelman said.

        “All in all, Google’s house is not in order here. Google has put its own profits above the rights of Web site owners. My advice to Google is to clean up its act—to think carefully about where they really want their ads to appear, and to terminate any ‘partners’ who don’t measure up.”

