

March 23rd, 2012

Misspelling goes criminal with typosquatting

Inaccurate spelling means more than poor marks at school; it is a billion dollar business opportunity for typosquatters. At a single IP address, the AVAST Virus Lab has identified 8,600 typosquatting sites, registered variations of well-known sites or brands. Two identifiable targets were the Craigslist online classified ad service and YouTube; other site addresses were parodies of Hotmail, Google, and YouTube – basically everyone.

After going to one of the identified typosquatting sites, visitors are redirected to one of several hundred “quiz” sites where they receive an offer of a “free” prize such as an iPhone. The sites typically make money through premium phone calls, selling advertisements, and reselling the emails collected from visitors.

Spelling errors are a huge moneymaker on the internet. A Harvard research paper[1] estimated that a major search engine alone could be making nearly a half billion dollars annually just on pay-per-click ads from typosquatting sites. Add in the other search engines and the revenue from the sites identified by AVAST, and typosquatting could easily be a billion dollar market.

“It is not technically malware, but it is online fraud and features like AutoCorrect in Microsoft Word have really let people get lazy with their spelling,” pointed out Jindrich Kubec, head of the AVAST Virus Lab. “The popularity of Craigslist with this one gang gives us a great sample set to demonstrate the types of spelling errors the bad guys are looking for.”

The Craigslist typosquatting focused on three basic spelling errors:

1. Reversed/omitted letters – indianapolis.criagslist.org

2. Wrong address format – craigslistpittsburgh.org

   Craigslist places the city name first, followed by “.craigslist.org”.

3. Wrong top level domain – craigslistaustin.com

   Craigslist, at least within the United States, uses the “org” top level domain, not the much more common “com”. Other countries use their own national code, such as jp for Japan.
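The three error categories above can be turned into a simple detection check for a log of observed hostnames. The following is an added example, not code from AVAST or the post; it assumes the legitimate layout is `<city>.craigslist.org`, treats `org` as the only legitimate TLD (national codes such as `jp` can be added to `LEGIT_TLDS`), and runs over a constructed list of hostnames. It reports every category a name matches, so `craigslistaustin.com` comes back flagged for both the fused city name and the wrong TLD.

```python
"""Flag hostnames that imitate a brand's legitimate <city>.<brand>.<tld> layout.

Added example: checks the three typo categories the post describes for
Craigslist. BRAND, LEGIT_TLDS and the sample hostnames are assumptions
constructed for illustration, not data from the post.
"""

BRAND = "craigslist"      # legitimate second-level name (assumed)
LEGIT_TLDS = {"org"}      # US Craigslist uses .org; add national codes as needed


def one_edit_variant(word: str, brand: str) -> bool:
    """True if `word` is `brand` with one letter omitted or one adjacent pair swapped."""
    if word == brand:
        return False
    for i in range(len(brand)):                      # omitted letter
        if brand[:i] + brand[i + 1:] == word:
            return True
    for i in range(len(brand) - 1):                  # reversed adjacent letters
        swapped = brand[:i] + brand[i + 1] + brand[i] + brand[i + 2:]
        if swapped == word:
            return True
    return False


def is_legitimate(hostname: str, brand: str = BRAND, legit_tlds: set = LEGIT_TLDS) -> bool:
    """True for <anything>.<brand>.<legit tld> or <brand>.<legit tld>."""
    labels = hostname.lower().strip(".").split(".")
    return len(labels) >= 2 and labels[-2] == brand and labels[-1] in legit_tlds


def classify(hostname: str, brand: str = BRAND, legit_tlds: set = LEGIT_TLDS) -> list:
    """Return the list of typo categories `hostname` matches (empty if none)."""
    labels = hostname.lower().strip(".").split(".")
    if len(labels) < 2:
        return []
    tld, sld = labels[-1], labels[-2]
    flags = []

    # 1. reversed/omitted letters in any label (e.g. indianapolis.criagslist.org)
    if any(one_edit_variant(label, brand) for label in labels[:-1]):
        flags.append("reversed-or-omitted-letters")

    # 2. city fused into the second-level label instead of <city>.<brand>
    if sld != brand and brand in sld:
        flags.append("wrong-address-format")

    # 3. brand-like name registered under a TLD the brand does not use
    brand_like = any(brand in label or one_edit_variant(label, brand) for label in labels[:-1])
    if brand_like and tld not in legit_tlds:
        flags.append("wrong-tld")

    return flags


def verdict(hostname: str) -> str:
    """One-word summary: 'legitimate', 'unrelated', or the matched categories."""
    if is_legitimate(hostname):
        return "legitimate"
    flags = classify(hostname)
    return ", ".join(flags) if flags else "unrelated"


if __name__ == "__main__":
    # Constructed sample of observed hostnames (the three from the post plus controls).
    sample = [
        "indianapolis.criagslist.org",
        "craigslistpittsburgh.org",
        "craigslistaustin.com",
        "indianapolis.craigslist.org",
        "craigslist.com",
        "example.com",
    ]
    for host in sample:
        print(f"{host:32} {verdict(host)}")
```

A one-edit check on every label catches the post's first category; a fused-city check on the second-level label catches the second; and the TLD comparison is applied only to names that already look like the brand, so an unrelated `.com` site is not flagged.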

Keeping safe from typosquatting depends on the individual user, with assistance from their antivirus program and search engine. “We block known typo and ‘quiz’ sites – several hundreds of them – so this is a big start,” explains Mr. Kubec. Beyond error-free typing, here are three tips for keeping safe from typosquatters that your English teacher never mentioned:

1. Know the correct address and domain before you start typing.

2. Go to sites through a search engine such as Bing or Google. This can reduce – but does not eliminate – the risk from a typo.

3. Think before you click or call – if you are offered a free iPod, maybe it’s not so free.

[1] http://www.benedelman.org/typosquatting/typosquatting.pdf

  • howard

    Hi, I would just like to say that I myself feel better knowing that Avast will block a lot of these sites, but I must say that you can never be too careful. Common sense is the greatest security of all when it comes to going to some of these typosquatting sites in general.

    Thanks Avast lab and keep up the great work.

  • Tech

    Lyle, am I right when I think that Net Shield and Web Shield include antiphishing capabilities and we’re all protected?

    Some years ago we asked for an ad blacklist to be shipped in the virus definitions database. Will we see it?