Spyware threat from typosquatters

An unholy alliance of typosquatters, domain kiters and malware writers could pose headaches for firms and web users

Domain kiters and typosquatters could join forces with malware writers to create a new threat for unsuspecting web users, according to email security vendor IronPort.
Domain kiting is the process by which registrars and other parties snap up large numbers of domain names to assess the revenue-generating potential of the sites, and cancel those they believe will not be profitable before they have to pay for them. Typosquatting involves the registration of domains with addresses similar to more popular ones to attract traffic from mistyped URLs.

Around 65 percent of currently active typosquatting sites can be tracked back to five or six organisations, which are generating a lot of revenue from pay-per-click search engine links on the sites, said Patrick Peterson, vice-president of technology at IronPort.

Typosquatting sites could generate further revenue if malware authors paid them to display links to download spyware when clicked, warned Peterson. Such sites might, for example, collect a fee for every PC infected as a result.

"I'm not aware of large-scale co-operation between the malware people, the spammers and typosquatters," said Peterson. "But just as the spammers and virus writers never worked together until the Sobig virus, there's no reason that domain kiting and typosquatting won't naturally blend together [with these other threats] in the future."

Simon Davies, managing director of ISP IDNet, agreed such blends pose a potential threat.

On the subject of typosquatting, Davies warned that it is sometimes difficult for firms to defend their interests. He added that although disputes over country-code domains such as .uk can normally be settled by the appropriate registry, disputes over global top-level domains, such as .com addresses, are much harder to police, and may require a "battalion of lawyers and deep pockets " to resolve.

"For tricky domain names, we recommend our high-profile clients register any common misspellings to [pre-empt the typosquatters]," Davies said.

Microsoft recently launched three lawsuits against firms registering domains, including www.windowslivetutorial.com, arguing that they benefit from their apparent association with Microsoft’s products.

Aaron Kornblum, who is leading the case, said in a statement that “placing a high-profile or pop culture trademark in your domain name is a tempting but illegal way to generate pay-per-click revenue".

The problem of domain kiting has grown significantly in recent months. Bob Parsons, chief executive of US–based registrar GoDaddy, claimed that 32 million out of the 35 million names registered in April were part of kiting schemes.

"Kiting takes millions of good names off the system, and makes them unavailable for the purposes for which those names were originally intended and places an unnecessary burden on every registry," said Parsons in his blog.

And earlier this month, it was alleged that the registry for the Cameroon domain ".cm" was involved in a massive typosquatting operation to put a monetary value on all the traffic from mistyped ".com" addresses.