Site icon Leonid Mamchenkov

Typosquatting hack

I’ve been hearing a lot about typosquatting recently. Typosquattting is a method bad guys use to make money on the Internet. What they do is they get a list of popular domain names, like Google.com and Yahoo.com, then figure out which are the most common ways people mistype these addresses, and then they register those mistyped domain names and use them for making money by displaying advertising banners and redirecting to other web sites.

If you think about it for a second, there are a few types of typing mistakes which are easier to make. Missing a character, typing a couple of characters in the wrong order (‘teh’ instead of ‘the’), typing a sticky character (‘nn’ instead of ‘n’), or hitting a wrong key on the keyboard (‘u’ instead of ‘i’). All these mistakes are easy to predict and, thus, use for typosquatting.

While I was thinking about it, I decided to try it out – write a small script that will check how many mistyped domains are there and how many of them are already registered. It turned out, the script was extremely easy to write – I started with it with my morning coffee and finished it before the coffee got cold. It took about altogether about 8 minutes, so don’t jump too hard on it.

domain_finder.pl

Requirements

You won’t need a lot to try it out – perl interpreter, Net::Domain::ExpireDate module (get it from CPAN), and Internet connection.

How to use

In the simplest form you can just run the script like this:

./domain_finder.pl google

You’ll see a whole bunch of variations on how to mistype “google”, and the status of .com domain for each of these variations.

For more control, check the script’s source code. You can easily make it more silent or more verbose, check domains in other TLDs, and create your own rules for typing mistakes.

How does it work

The script takes a single parameter – the domain that you want to check, without the TLD part. It then creates all variations of this domain with the following mistakes:

All these variants will be sorted and dups removed. After that, each variant will be checked with (pre-configured) TLD part appended to it. If the resulting domain is registered, than the expiration date will be printed out. If the domain is not registered, it will be indicated as such.

Conclusion

With this tool in my hands, I tried a whole bunch of domains – from “google” to “mamchenkov”. What can I say? I suspected that typosquatting is a big problem, but I could never imagine how big it was.

Here are some numbers to give you an idea (we all love stats, don’t we?):

NOTE: I’ve been checking these only in .com TLD and I used pretty simple typing mistakes. For example, hax0r-style typing is not included in my rules.

The tool turned out to be quite handy. I might even convert it into a web service, so that domain owners could easily check if they are victims of typesquatting or not (yet).

Feel free to use the script for good causes.

Exit mobile version