Article, DOI: 10.5555/1251296.1251301

Strider typo-patrol: discovery and analysis of systematic typo-squatting

Published: 07 July 2006

Abstract

Typo-squatting refers to the practice of registering domain names that are typo variations of popular websites. We propose a new approach, called Strider Typo-Patrol, to discover large-scale, systematic typo-squatters. We show that a large number of typo-squatting domains are active and a large percentage of them are parked with a handful of major domain parking services, which serve syndicated advertisements on these domains. We also describe the Strider URL Tracer, a tool that we have released to allow website owners to systematically monitor typo-squatting domains of their sites.


Published In

SRUTI'06: Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
July 2006
59 pages

Publisher

USENIX Association, United States

Cited By

  • (2021) Where are you taking me? Understanding Abusive Traffic Distribution Systems. Proceedings of the Web Conference 2021, 10.1145/3442381.3450071 (3613-3624). Online publication date: 19-Apr-2021
  • (2019) The impact of secure transport protocols on phishing efficacy. Proceedings of the 12th USENIX Conference on Cyber Security Experimentation and Test, 10.5555/3359012.3359021 (9-9). Online publication date: 12-Aug-2019
  • (2017) Email typosquatting. Proceedings of the 2017 Internet Measurement Conference, 10.1145/3131365.3131399 (419-431). Online publication date: 1-Nov-2017
  • (2017) What's in a Name? Proceedings of the 26th International Conference on World Wide Web, 10.1145/3038912.3052589 (1161-1170). Online publication date: 3-Apr-2017
  • (2016) Why allowing profile name reuse is a bad idea. Proceedings of the 9th European Workshop on System Security, 10.1145/2905760.2905762 (1-6). Online publication date: 18-Apr-2016
  • (2014) Understanding the dark side of domain parking. Proceedings of the 23rd USENIX conference on Security Symposium, 10.5555/2671225.2671239 (207-222). Online publication date: 20-Aug-2014
  • (2014) The long "Taile" of typosquatting domain names. Proceedings of the 23rd USENIX conference on Security Symposium, 10.5555/2671225.2671238 (191-206). Online publication date: 20-Aug-2014
  • (2013) Bitsquatting. Proceedings of the 22nd international conference on World Wide Web, 10.1145/2488388.2488474 (989-998). Online publication date: 13-May-2013
  • (2012) You are what you include. Proceedings of the 2012 ACM conference on Computer and communications security, 10.1145/2382196.2382274 (736-747). Online publication date: 16-Oct-2012
  • (2010) Ads-portal domains. ACM Transactions on the Web, 10.1145/1734200.1734201, 4:2 (1-34). Online publication date: 29-Apr-2010
