Specialists at Georgia Tech and Stony Brook University in the U.S. presented the results of the first large-scale study of its kind. The subject of the study is so-called “combosquatting”. This term describes the registration, for malicious purposes, of domain names that contain the names of famous brands together with other words, for example, yahoofiles.com, googlehealthyfood.com, etc. However, there is no need to search for examples, because all Internet users have most probably encountered such domains.
These domains very often have nothing to do with the brands they mention, and criminals use them to compromise personal data, distribute malware or sell counterfeit goods. Combosquatting is very similar to typosquatting, which is based on the substitution of similar letters in the domain names of well-known brands. However, the possibilities of typosquatting are quite limited, while the possibilities of combosquatting are much wider. This is what the research has proved, reports DomainPulse.
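The distinction drawn above can be turned into a simple triage check for a brand-monitoring feed. The following is an added example, not code from the study or from DomainPulse: the brand list, the set of official domains and the names under the reserved .example TLD are constructed, and the function names are hypothetical.

```python
# Added example: BRANDS, OFFICIAL and the .example names are constructed.
BRANDS = ("google", "yahoo")
OFFICIAL = {"google.com", "yahoo.com"}  # assumed brand-owned names

def registrable_label(domain):
    """Label left of the TLD. Naive: assumes a single-label TLD; real
    tooling should consult the Public Suffix List instead."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def one_edit_apart(a, b):
    """True when a becomes b by one substitution, insertion, deletion
    or swap of two adjacent characters."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:
            return True
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    short, longer = sorted((a, b), key=len)
    return any(longer[:i] + longer[i + 1:] == short for i in range(len(longer)))

def classify(domain):
    """Return (category, brand) for one observed domain name."""
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL:
        return ("official", None)
    label = registrable_label(domain)
    # Combosquatting: brand spelled correctly, extra words around it.
    # Plain substring matching over-matches short brands, so hits
    # need review before any action is taken.
    for brand in BRANDS:
        if brand in label and label != brand:
            return ("combosquatting", brand)
    # Typosquatting: the brand itself is misspelled by one edit.
    for brand in BRANDS:
        if one_edit_apart(label, brand):
            return ("typosquatting", brand)
    return ("unrelated", None)

SAMPLES = ["yahoofiles.com", "googlehealthyfood.com", "google.com",
           "gogle.example", "yaho0.example", "weather.example"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, *classify(name))
```

The combosquatting branch accepts any surrounding text, while the typosquatting branch only accepts names within one edit of the brand, which reflects why the first category has far more possible names than the second.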
The researchers analyzed more than 460 billion DNS request records collected over 6 years. Leading North American Internet providers supplied this data for the study. The researchers discovered 2.7 million combosquatting domains associated with 268 famous brands. The number of such names turned out to be 100 times higher than the number of typosquatting domains. These domain names also turned out to be “hardier”: 60% of them existed for over 1000 days. All of this is a good explanation for why combosquatting is so popular among scammers. Registration of such names grew steadily over the last 5 years.
At the same time, some of these names were initially registered by trademark owners, who later simply didn’t renew the registrations, and criminals managed to get them. Another fact that draws attention is that the registration of many combosquatting names has been renewed many times. This proves that registrars and registries do not pay enough attention to the problem. “Imagine what happens in a city when the garbage isn’t picked up regularly,” said one of the researchers, Manos Antonakakis. “The garbage builds up and you have diseases develop. Nobody collects the garbage domains on the internet, because it’s nobody’s job. But there should be an organization that would collect these malicious domains so they cannot be reused to infect people.”