    Microsoft Ships URL Tracer to Hunt Down Typo-Squatters

    By
    Ryan Naraine
    -
    April 7, 2006

      Microsoft Research has released a new tool to help pinpoint large-scale typo-squatters that are known to be gaming pay-per-click domain parking services.

      The lightweight prototype, called Strider URL Tracer, builds on the work within Microsoft's Cybersecurity and Systems Management group to keep tabs on a sophisticated typo-squatting scheme that uses multilayer URL redirection to make money from Google's AdSense for domains program.

      Yi-Min Wang, who heads up the group's work in Redmond, Wash., said URL Tracer can be used as a parental control tool to block inappropriate ads from being served from Web sites that are set up to deliberately lure kids who accidentally misspell a popular domain.

      One live example, Wang said, is the way the virtual pet site at NeoPets.com has been targeted by typo-squatters to serve pornographic-themed ads if it is misspelled. One such misspelling, neoppets.com, is currently serving ads promising naked photos of Britney Spears or other adult images.

      He said the group analyzed typo-squatting on 50 popular children's sites and found more than 7,000 typo-domains. About 2,685 of those domains were active, and a total of 110 were serving questionable content.

      “Four domains redirected to adult sites directly, 36 domains contained at least one conspicuous link to an adult site, and the remaining domains displayed at least one conspicuous adult-category link to a page of adult ads listings,” Wang said.

      Most of the ads were being served from Oingo.com, a domain parking service that powers Google's popular AdSense for domains program. The domain parking service is aimed at Web sites that generate more than 750,000 page views per month and, according to Google's own boast, AdSense for domains is now powering over 3 million domain names.

      “This is a huge, lucrative business,” Wang said, noting that the typo-squatters have been monitoring his group's published work “on a daily basis” and have been moving domains between parking services to dodge detection.

      Wang's group has meticulously tracked the typo-squatting scheme for several months as part of its Strider Typo-Patrol project, and he says it's clear that big-name trademark owners with high-traffic Web sites are a major target.

      In an interview with eWEEK, Wang said URL Tracer can also serve as a typo-patrol tool used by trademark owners who want to monitor typo-domains. “It is often too expensive for target-domain owners to investigate and take actions against a large number of individual typo-domains,” he said, adding that a feature built into URL Tracer can take a target domain name and automatically generate and scan its typo-neighborhood.

      The tool uses five programmatic typo-generation models—deliberate missing-dot typos, character omission typos, character permutation typos, character replacement typos and character insertion typos—to pinpoint potential domain-registration structures that are being used to steal traffic from large brands.
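For a trademark owner, the five models amount to a candidate list that observed domains (from DNS or proxy logs, or registration feeds) can be checked against. The sketch below is an added example, not Microsoft's code: only the model names come from the article, while the QWERTY left/right adjacency rule, the reading of "missing-dot" as a dropped dot after `www`, and the function names are assumptions.

```python
import re

# Assumption: "adjacent" means left/right neighbours on a QWERTY row.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
# A candidate must still be a syntactically valid DNS label.
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def _adjacent(ch):
    """Keys immediately left and right of ch on its keyboard row."""
    for row in ROWS:
        i = row.find(ch)
        if i != -1:
            return {row[j] for j in (i - 1, i + 1) if 0 <= j < len(row)}
    return set()

def typo_neighborhood(domain):
    """Map each typo model to the candidate typo-domains of e.g. 'neopets.com'."""
    name, _, tld = domain.lower().partition(".")
    labels = {m: set() for m in
              ("omission", "permutation", "replacement", "insertion")}
    for i, ch in enumerate(name):
        # Omission: drop one character.
        labels["omission"].add(name[:i] + name[i + 1:])
        # Permutation: swap two consecutive characters.
        if i + 1 < len(name):
            labels["permutation"].add(name[:i] + name[i + 1] + ch + name[i + 2:])
        # Replacement: hit a neighbouring key instead.
        for c in _adjacent(ch):
            labels["replacement"].add(name[:i] + c + name[i + 1:])
        # Insertion: double the key or also hit a neighbouring key.
        for c in _adjacent(ch) | {ch}:
            labels["insertion"].add(name[:i + 1] + c + name[i + 1:])
    # Missing dot: 'www.name.tld' typed without the first dot.
    hood = {"missing_dot": {f"www{name}.{tld}"}}
    for model, cands in labels.items():
        hood[model] = {f"{c}.{tld}" for c in cands
                       if c != name and LABEL.match(c)}
    return hood

def models_matching(target, observed):
    """Which typo models explain an observed domain for a given target?"""
    return sorted(m for m, s in typo_neighborhood(target).items()
                  if observed in s)
```

Run against the article's own case, `models_matching("neopets.com", "neoppets.com")` classifies the misspelling as an insertion typo.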

      Wang said high-traffic properties that are a constant target include MySpace.com, Slashdot, Amazon.com, Expedia, Washington Post, New York Times, Microsoft.com and DisneyChannel.com. Deliberately misspelled domains for several major banking and financial services Web sites are also a constant target, he said.

      The URL Tracer utility provides four main functionalities. It supports a “URL Scan History” view that records the time stamp of each primary URL visited and its associated secondary URLs, grouped by domains. It also supports an alternative “Top Domains” view that, for each secondary URL domain, displays all the visited primary URLs that generated traffic to it.

      For every URL displayed in either of the views, the tool provides a right-click menu with two options: the “Go” option that allows the URL to be revisited (so that the user can figure out which ad came from which URL) and the “Block” option that allows blocking of all future traffic to and from that domain.

      “It's basically an extension of HoneyMonkey,” Wang said, referring to another project within his group that helps Microsoft's security teams find the source of zero-day exploits targeting the Windows XP operating system.

      The Typo-Patrol scanner built into the tool currently consists of a network of 17 machines, each running a daemon process that monitors its own input-request queue residing in a folder on a central management machine. According to Wang, when a list of typo-domains is dropped into the queue, the daemon fetches the list and launches virtual machines to visit each domain.

      The daemon copies all recorded data to the host machine, including information on all secondary URLs visited, the content of all HTTP requests and responses, and optionally a screen shot. Upon completing the scan of the entire list, the daemon copies all data to its output folder on the central management machine, Wang said.

      Recorded data in the output folder is inserted into a typo-domain database for data queries and analysis.
