[At-Large] "Measuring the Perpetrators and Funders of Typosquatting" by Tyler Moore and Benjamin Edelman

Last Updated: 21 March 2010

"Measuring the Perpetrators and Funders of Typosquatting," by Tyler
Moore and Benjamin Edelman was presented at the "Financial
Cryptography and Data Security" conference in January this year
(http://fc10.ifca.ai/) :


We describe a method for identifying `typosquatting', the intentional
registration of misspellings of popular website addresses.
We estimate that at least 938,000 typosquatting domains that target
the top 3,264 .com sites, and we crawl more than 285,000 of these
domains to analyze their revenue sources.
We find that 80% are supported by pay-per-click ads, often advertising
the correctly spelled domain and its competitors.
Another 20% include static redirection to other sites.

We present an automated technique that uncovered 75 otherwise
legitimate websites which benefited from direct links from thousands
of misspellings of competing websites.
Using regression analysis, we find that websites in categories with
higher pay-per-click ad prices face more typosquatting registrations,
indicating that ad platforms such as Google AdWords exacerbate
However, our investigations also confirm the feasibility of
significantly reducing typosquatting.
We find that typosquatting is highly concentrated: Of typo domains
showing Google ads, 63% use one of five advertising IDs, and some
large name servers host typosquatting domains as much as four times as
often as the web as a whole.

Read the paper at http://www.benedelman.org/typosquatting/typosquatting.pdf
Appendix : http://www.benedelman.org/typosquatting/
Also see : http://www.lightbluetouchpaper.org/2010/02/17/measuring-typosquattings-p...

Dev Anand Teelucksingh

(HT : Schneier on Security blog)

At-Large mailing list

At-Large Official Site: http://atlarge.icann.org