Measuring Typosquatting Perpetrators and Funders

Moore, Tyler, and Benjamin Edelman. Measuring Typosquatting Perpetrators and Funders. Light Blue Touchpaper. February 17, 2010.

Reprinted at CircleID.

Introduction to Moore, Tyler, and Benjamin Edelman. “Measuring the Perpetrators and Funders of Typosquatting.” Lecture Notes in Computer Science. Springer-Verlag. Financial Cryptography and Data Security: Proceedings of the International Conference 6052 (2010).

Measuring the Perpetrators and Funders of Typosquatting

Moore, Tyler, and Benjamin Edelman. “Measuring the Perpetrators and Funders of Typosquatting.” Lecture Notes in Computer Science. Springer-Verlag. Financial Cryptography and Data Security: Proceedings of the International Conference 6052 (2010). (Introduction, Web appendix.)

We describe a method for identifying “typosquatting”, the intentional registration of misspellings of popular website addresses. We estimate that at least 938,000 typosquatting domains target the top 3,264 .com sites, and we crawl more than 285,000 of these domains to analyze their revenue sources. We find that 80% are supported by pay-per-click ads, often advertising the correctly spelled domain and its competitors. Another 20% include static redirection to other sites. We present an automated technique that uncovered 75 otherwise legitimate websites which benefited from direct links from thousands of misspellings of competing websites. Using regression analysis, we find that websites in categories with higher pay-per-click ad prices face more typosquatting registrations, indicating that ad platforms such as Google AdWords exacerbate typosquatting. However, our investigations also confirm the feasibility of significantly reducing typosquatting. We find that typosquatting is highly concentrated: of typo domains showing Google ads, 63% use one of five advertising IDs, and some large name servers host typosquatting domains as much as four times as often as the web as a whole.

Typosquatting: Unintended Adventures in Browsing

Edelman, Benjamin. “Typosquatting: Unintended Adventures in Browsing.” Cybercrime Gets Personal, McAfee Security Journal (fall 2008): 34-37.

Typosquatting is the practice of registering domain names, identical to or confusingly similar to trademarks and famous names, in hopes that users will accidentally request these sites–whereupon they will receive, typically, advertisements. This piece presents the basic typosquatting business model, based on my analysis of more than 80,000 typosquatting domain names. I analyze the advertising intermediaries that make typosquatting profitable, and I assess the legislation and litigation that are beginning to put a check on this practice.

Large-Scale Registration of Domains with Typographical Errors

Large-Scale Registration of Domains with Typographical Errors. (January 2003)

The author reports more than eight thousand domains that consist of minor variations on the addresses of well-known web sites, reflecting typographical errors often made by Internet users manually typing these addresses into their web browsers. Although the majority of these domain names are variations of sites frequently used by children, and although their domain names do not suggest the presence of sexually-explicit content, more than 90% offer extensive sexually-explicit content. In addition, these domains are presented in a way that temporarily disables a browser’s Back and Exit commands, preventing users from exiting easily. Most or all of the domains are registered to an individual previously enjoined by the FTC from operating domains that are typographic variations on famous names, and these domains remain operational subsequent to an injunction ordering their suspension.

 

Domains Reregistered for Distribution of Unrelated Content: A Case Study of “Tina’s Free Live Webcam”

Domains Reregistered for Distribution of Unrelated Content: A Case Study of “Tina’s Free Live Webcam”. (March – April 2002.)

In recent years, many Internet users have become aware that when domain names expire (after their original registrants forget, fail, or otherwise decline to renew them), the domain names may be reregistered by others. This feature of the management of the domain name system might be thought to be desirable since it allows and facilitates a turnover of names from those uninterested in using them to those who in fact do seek to put them to active use. But recent experience shows that this structure also allows domains to be renewed by firms who do not seem to seek to use the domains to offer original content but rather seem to hope to profit from the prior promotional works of others.

In particular, such firms often offer pornographic or sexually-explicit images, advertising, or links or redirects to other commercial sites. The apparent expectation of such firms is that at least some users will request the web pages previously (before domain expiration) hosting other content; any such users will instead be shown this new content, likely creating profits for the firms that reregistered the expired domain names.

In this article, I document several thousand domains reregistered by one particular firm — many domain names that all redirect users to one particular web page displaying sexually explicit images. While this research is by no means exhaustive — other firms are likely conducting similar registration practices, and still others make numerous registrations and reregistrations that no doubt differ in various ways — a review of these specific registrations as well as their general characteristics may be helpful in understanding the behavior at issue.