URL-based Malware Makes Typos Dangerous

March 15, 2016

Security researchers have reported a typosquatting campaign that preys on users' URL typos, steering visitors who mistype a domain toward malicious downloads.

Researchers from security firm Endgame described the campaign on Friday, detailing the dangers of "typosquatting," the registration of domains that differ from a legitimate one by a common typing mistake. According to their report, accidentally dropping the "c" in ".com" could leave users at risk: ".om" is a real top-level domain (the country-code TLD of Oman), so a mistyped name that someone else has registered resolves just like the legitimate one. "One particular Endgamer made an innocent, but potentially damaging mistake. He mistyped the domain 'www.netflix.com' as 'netflix.om' in his browser, accidentally dropping the 'c' in '.com.' He did not get a DNS resolution error, which would have indicated the domain he typed doesn't exist. Instead, due to the registration of 'netflix.om' by a malicious actor," explained the Malware Research and Threat Intelligence team in a blog post. Visitors to the .om version of the site are redirected several times before landing on a malicious "Flash Updater" page. If a user accepts this update, the software is downloaded and installed, bringing unwanted adware extensions with it.

According to Endgame's Malware Research and Threat Intelligence team, there is at least one major .om typosquatting campaign targeting well-known organizations. The campaign has targeted over 300 organizations, including Netflix, and is expected to keep expanding its reach. "While the typosquatting campaign currently is a relatively unsophisticated effort, this kind of opportunistic behavior is typical of typosquatting and watering hole campaigns," said Endgame. "Our research also indicates that .om domains associated with the vast majority of major brands may be unregistered. It does not appear that companies are widely including the .om in their typosquatting mitigation strategies. We strongly recommend doing so."
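The mitigation Endgame recommends amounts to enumerating the typo variants of a brand's domain and finding out which of them already resolve to infrastructure the brand does not control. The script below is an added example written for this article, not Endgame's tooling or anything published with their report. It generates every single-character-omission variant of a domain (which is exactly how "netflix.com" becomes "netflix.om", and also yields ".cm" and ".co" variants), resolves each one, and flags hits whose address is not one of the brand's own. To run offline, the DNS lookup is injected as a callable and the default is a constructed lookup table using documentation address ranges; the entry for "netflx.com" is an assumed defensive registration by the brand, included only to show that such registrations are not flagged. Replace the table with `socket.gethostbyname` to audit a real domain.

```python
"""Enumerate single-character-omission typo domains and flag the ones that
resolve to addresses outside the brand's own infrastructure.

Added example, not Endgame's code. The DNS table below is constructed
for illustration (RFC 5737 documentation addresses), not observed data.
"""
import socket
from typing import Callable, Dict, Iterable, Set


def _plausible(name: str) -> bool:
    """Reject candidates that cannot be a registrable hostname: dropping
    the dot leaves no TLD, and no single-letter TLD exists."""
    labels = name.split(".")
    if len(labels) < 2 or any(not lab for lab in labels):
        return False
    if len(labels[-1]) < 2:
        return False
    return all(lab.replace("-", "").isalnum() for lab in labels)


def omission_variants(domain: str) -> Set[str]:
    """All domains obtained by dropping exactly one character of `domain`,
    e.g. netflix.com -> netflix.om, netflix.cm, netflix.co, netflx.com, ..."""
    variants = set()
    for i in range(len(domain)):
        candidate = domain[:i] + domain[i + 1:]
        if candidate != domain and _plausible(candidate):
            variants.add(candidate)
    return variants


def resolving(candidates: Iterable[str],
              resolve: Callable[[str], str] = socket.gethostbyname) -> Dict[str, str]:
    """Return {name: address} for every candidate the resolver answers.
    socket.gethostbyname raises OSError (gaierror) on NXDOMAIN/timeouts;
    a dict-backed stand-in raises KeyError. Both mean 'does not resolve'."""
    hits: Dict[str, str] = {}
    for name in sorted(candidates):
        try:
            hits[name] = resolve(name)
        except (OSError, KeyError):
            continue
    return hits


def suspicious(hits: Dict[str, str], brand_ips: Set[str]) -> Dict[str, str]:
    """Typos that resolve somewhere the brand does not control. A brand's own
    defensive registrations point at its infrastructure and are not flagged."""
    return {name: ip for name, ip in hits.items() if ip not in brand_ips}


# Constructed stand-in for DNS (assumption, not real records).
FAKE_DNS = {
    "netflix.com": "198.51.100.5",  # the brand's own address (constructed)
    "netflx.com": "198.51.100.5",   # assumed defensive registration by the brand
    "netflix.om": "203.0.113.10",   # the .om typosquat from the article, third-party infra
}


def audit(domain: str, brand_ips: Set[str],
          resolve: Callable[[str], str] = FAKE_DNS.__getitem__) -> Dict[str, str]:
    """Full pipeline: generate typos, resolve them, keep the worrying ones."""
    return suspicious(resolving(omission_variants(domain), resolve), brand_ips)


if __name__ == "__main__":
    for name, ip in audit("netflix.com", {"198.51.100.5"}).items():
        print(f"{name} resolves to {ip}: not brand infrastructure, investigate or register")
```

Omission is only one typo class; a production audit would add adjacent-key substitutions, transpositions and repeated characters, and would check WHOIS as well as DNS, since an unregistered variant is the cheap case to fix before an attacker takes it.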

