Communications of the ACM - Ontology: different ways of representing the same concept
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Strider typo-patrol: discovery and analysis of systematic typo-squatting
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Cutting through the confusion: a measurement study of homograph attacks
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Quantifying the operational status of the DNSSEC deployment
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
An analysis of rogue AV campaigns
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Measuring the perpetrators and funders of typosquatting
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
You are what you include: large-scale evaluation of remote javascript inclusions
Proceedings of the 2012 ACM conference on Computer and communications security
Hi-index | 0.00 |
Over the last fifteen years, several types of attacks against domain names and the companies relying on them have been observed. The well-known cybersquatting of domain names gave way to typosquatting, the abuse of a user's mistakes when typing a URL in her browser's address bar. Recently, a new attack against domain names surfaced, namely bitsquatting. In bitsquatting, an attacker leverages random bit-errors occurring in the memory of commodity computers and smartphones, to redirect Internet traffic to attacker-controlled domains. In this paper, we report on a large-scale experiment, measuring the adoption of bitsquatting by the domain-squatting community through the tracking of registrations of bitsquatting domains targeting popular web sites over a 9-month period. We show how new bitsquatting domains are registered daily and how attackers are trying to monetize their domains through the use of ads, abuse of affiliate programs and even malware installations. Lastly, given the discovered prevalence of bitsquatting, we review possible defense measures that companies, software developers and Internet Service Providers can use to protect against it.