Network Of 7K Typo Squatting Domains Drives Huge Traffic To Spam Web Sites

A report from Websense finds that spammers are cleaning up on misspelled domain names for prominent sites. A network of such typo squatting sites is driving millions of visitors to a Web site controlled by the spammers, making it one of the most traffic sites on the Internet.

A report from Websense finds that spammers are cleaning up on misspelled domain names for prominent sites. A network of such typo squatting sites is driving millions of visitors to a Web site controlled by the spammers, making it one of the most traffic sites on the Internet.

The report, on Websense’s blog, is a follow up to an earlier report which observed that spammers were generating huge traffic by purchasing typo squatting domains for the microblogging Web site Twitter.com, then redirecting would-be Twitter users to their own domains, such as video-rewardz.com, a spam site. In its latest report, the researchers at Websense say that the same network of typo squatting sites also includes typo squatting domains for major online and retail Web sites, including Google’s Gmail and YouTube Web sites, Wikipedia, LinkedIn and The Home Depot. The network is funnelling tens of millions of monthly viewers to shady Web sites controlled by the spammers, which have appeared high up on ratings of prominent Web sites such as Alexa.com

One estimate puts the value of the highly trafficked spam sites at $20 million, based on traffic.

The use of look-alike domain names that exploit typing errors or common domain name misspellings are nothing new. In the past, they’ve been linked closely to malicious software campaigns, though that doesn’t appear to be the case with the network that Websense has identified.

According to the researchers, the thousands of sites in the typo squatting network redirect visitors to a suspicious URL via a URL shortening service. That site, in turn, redirects them to a spam survey site which harvests a variety of personal information. After that, visitors are redirected to yet another network of Web sites on which spam advertisements are displayed based on the visitors’ interests. Though the network is not distributing malicious software to date, Websense warns that cyber criminal groups could easily buy or lease the network to distribute malware in drive-by downloads.

Read more on the Websense blog here.

Suggested articles

Discussion

  • Lou from NH on

    I have been using Firefox and their URL fixer add-on catches quite a bit of the mispellings for web sites.

    I would bet they are going to try and tighten it up more in light of this report.

     

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.