What is the reality of typosquatting sites that draw 50 million visits a year from mistyped URLs?


by Mary Cullen

Exploiting mistyped URLs to redirect visitors who meant to reach a specific site to a completely unrelated page is called "typosquatting". Krebs on Security, a blog covering Internet security, reports that more than 12 million visits to typosquatting sites have already been confirmed in the three months from January to March 2018.

Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018 - Krebs on Security
https://krebsonsecurity.com/2018/04/dot-cm-typosquatting-sites-visited-12m-times-so-far-in-2018/


If you mistype an address while entering it manually in a web browser, the result is normally an address that does not exist, so an "HTTP 404 Not Found" error is displayed. However, for sites that receive heavy traffic from around the world, a mistyped address may instead redirect to pages containing viruses or malware, or to vulnerable sites.

In particular, ".com", the most widely used generic top-level domain (gTLD) with a history of more than 30 years, is often mistyped with the letter "o" left out, so URLs ending in ".cm" are frequently used for typosquatting. ".cm" is the country code top-level domain of Cameroon.


Most of the ".cm" addresses corresponding to sites with many users, such as iTunes, Facebook, Costco and Wal-Mart, are used for this kind of typosquatting. According to Krebs on Security's investigation, more than 1,500 ".cm" addresses all redirect to two typosquatting sites, and most of them share the same hosting IP addresses.
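As an added example (not from Krebs on Security or the original article), the sketch below flags DNS or proxy log queries for the dropped-letter lookalikes described above. It generalizes from ".cm" to any single letter dropped from the TLD (".om", ".co"); the watchlist, the log layout and the sample lines are constructed assumptions.

```python
# Assumed watchlist: .com sites the organisation's users actually visit.
WATCHLIST = {"facebook.com", "itunes.com", "costco.com", "walmart.com"}

# Constructed sample lines in an assumed "timestamp client query" layout.
SAMPLE_LOG = """\
2018-03-01T09:14:02Z 10.0.0.21 www.facebook.cm
2018-03-01T09:14:05Z 10.0.0.21 www.facebook.com
2018-03-01T09:20:41Z 10.0.0.37 itunes.cm
2018-03-01T09:31:10Z 10.0.0.52 walmart.co
2018-03-01T09:32:55Z 10.0.0.52 news.example.cm
2018-03-01T09:40:00Z 10.0.0.37 ITUNES.CM.
"""

def tld_omissions(tld):
    """Every string obtained by deleting exactly one character from the TLD."""
    return {tld[:i] + tld[i + 1:] for i in range(len(tld))}

def build_lookalikes(watchlist):
    """Map each dropped-letter lookalike (e.g. facebook.cm) to the real domain."""
    table = {}
    for domain in watchlist:
        name, _, tld = domain.rpartition(".")
        for short in tld_omissions(tld):
            table[f"{name}.{short}"] = domain
    return table

def find_typo_hits(log_text, watchlist=WATCHLIST):
    """Return (client, queried_host, intended_domain) for each lookalike query."""
    table = build_lookalikes(watchlist)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, client, host = fields
        # DNS names are case-insensitive and may carry a trailing root dot.
        host = host.lower().rstrip(".")
        # Compare the last two labels so subdomains such as www. still match.
        candidate = ".".join(host.split(".")[-2:])
        if candidate in table:
            hits.append((client, host, table[candidate]))
    return hits

if __name__ == "__main__":
    for client, host, intended in find_typo_hits(SAMPLE_LOG):
        print(f"{client} queried {host} (probably meant {intended})")
```

Unrelated ".cm" hosts such as the constructed news.example.cm are not flagged, because only names on the watchlist are compared.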

In addition, it turned out that the access logs for the entire network over the past four years could be downloaded from the provider hosting this group of more than 1,000 typosquatting sites. Security expert Matthew Chamber analyzed the access logs for this IP address and found that more than 8.7 million people were caught by the typosquatting sites between January and March 2018. From this result, Krebs on Security calculates that the typosquatting cases caused by this series of ".cm" addresses will reach about 12 million for January to March 2018, and nearly 50 million a year.


Based on these findings, Krebs on Security advises readers to stop typing site names directly into the browser's address bar right away, and instead to bookmark frequently visited sites and open them from the bookmarks. In the comment section, one commenter noted that back when spam e-mails carrying malicious links were rampant, the advice was to type addresses into the browser manually, and now the advice is to use bookmarks instead. Another pointed out that it is only a matter of time before malware appears that changes ".com" in bookmarks to ".cm".

In addition, through further investigation Krebs on Security identified the e-mail address used to register the domains of more than 1,500 typosquatting sites. It then identified another e-mail address associated with that one, and concludes that it almost certainly belongs to an executive of Media Breakaway, a marketing company located in Colorado, USA.

Scott Richter, CEO of Media Breakaway, is known for running a spam company that sent hundreds of millions of spam messages every day, and has been called the "King of Spam". Richter was sued by Microsoft and the New York Attorney General in 2003 and went bankrupt following a judgment of 500 million dollars (about 54 billion yen), but he appears to be undeterred and repeating the same nuisance spam business at the new company he established. Krebs on Security requested comment from Richter and Media Breakaway, but received no reply.

in Web Service, Security, Posted by log1i_yk