Comcast Embraces URL Hijacking

Typosquatting (http://en.wikipedia.org/wiki/Typosquatting), sometimes called URL hijacking, is the nefarious practice of registering a domain so that when someone makes a mistake in typing in a URL the result is a page they were not looking for. For example, if I were an unscrupulous competitor I might register the domain www.esey.com and try to sell a product different from ESET’s products. If you go to www.esey.com you will find that it is a search page. If you click on a link then someone is going to make money. Sometimes people register these domains to try to sell them to companies, and sometimes it is to install malicious software when you type wrong. It is important to check your spelling in the URL!

There is one very old example of typosquatting I absolutely love. The web site www.untied.com is a site with complaints about United Airlines. I found it when I typed untied instead of united. I always appreciated finding that site!

The Comcast approach to typosquatting is much more encompassing than typical typosquatting and is driven by greed. If you type in a URL for a page that does not exist, and there are infinite non-existent URLs, then rather than get the 404 – Page not found message that is prescribed by the standards, Comcast will dump advertising onto your screen. Unlike conventional typosquatting, this uses a protocol called DNS, which means they don’t have to register any domains: by default they get all unregistered domains until someone registers each of them.
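One way to check whether the resolver you are using rewrites answers for non-existent names, as an added example (not code from the original post or from Comcast): it queries a random name and checks whether the reply carries the DNS "name does not exist" code (NXDOMAIN, RCODE 3) or an address instead. The function names, the random `www.<hex>.com` probe pattern and the 192.0.2.1 sample address are assumptions made for illustration.

```python
import os, socket, struct

NXDOMAIN = 3  # RCODE 3, "Name Error" in RFC 1035: the queried name does not exist

def build_query(name, txid):
    """Encode a minimal recursive A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, txid):
    """Classify a resolver's reply to a query for a name that should not exist."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:      # wrong transaction, or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "nxdomain"                      # resolver reported the name as missing
    if rcode == 0 and ancount > 0:
        return "redirected"                    # an answer was synthesized for the name
    return "inconclusive"                      # SERVFAIL, REFUSED, empty NOERROR, ...

def constructed_reply(query, rcode, answer_ip=None):
    """Constructed sample reply to `query` (not captured traffic), for offline use."""
    txid, = struct.unpack("!H", query[:2])
    flags = 0x8180 | rcode                     # QR=1, RD=1, RA=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer_ip else 0, 0, 0)
    rr = b""
    if answer_ip:                              # A record, name compressed to offset 12
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return header + query[12:] + rr

def check_resolver(resolver_ip, timeout=3.0):
    """Send one probe to `resolver_ip` over UDP port 53 and classify the reply."""
    name = "www." + os.urandom(12).hex() + ".com"   # assumption: random, so unregistered
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver_ip, 53))           # only accept replies from this resolver
        s.send(build_query(name, txid))
        return classify(s.recv(512), txid)

if __name__ == "__main__":
    q = build_query("www.constructed-nonexistent-name.example", 0x1234)
    print(classify(constructed_reply(q, NXDOMAIN), 0x1234))
    print(classify(constructed_reply(q, 0, "192.0.2.1"), 0x1234))
```

A single "redirected" verdict can also come from a captive portal, so repeat `check_resolver` with several probes before drawing a conclusion about the resolver.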

Comcast has euphemistically named this the “Domain Helper Service”, but it really is all about Comcast pushing advertising to you. Comcast, knowing how distasteful the practice of typosquatting is, requires customers who do not wish to be victims of typosquatting to opt out of the program, rather than using the respectful opt-in approach. Reportedly, in order to opt out a customer has to provide their router’s MAC address. For many users this is simply a foreign language: they will not be able to comply and won’t know to look for simple instructions on how to do what a responsible ISP would have done for them automatically. The fact is that Comcast could easily and automatically obtain that information, except they want to make it as tricky as possible for most users to opt out.

Comcast has even gone so far as to submit a white paper to the IETF (http://tools.ietf.org/html/draft-livingood-dns-redirect-00) suggesting that their method is a best practice for typosquatting. Of course, Comcast doesn’t admit that this is just a typosquatting trick, and they call it “DNS Redirect”.

You can tell Comcast what you think of the “Domain Helper Service” at http://www.comcastvoices.com/2009/07/domain-helper-service-here-to-help-you.html#comments

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • Jack Warren

    Not that I don’t agree with you, I do.

    But you don’t really think that Comcast will pay any attention to anyone “tell(ing) Comcast what you think of the “Domain Helper Service”, do you?

    • Randy Abrams

      History is full of successful people who didn’t quit when something looked impossible or improbable. The number of people who have failed because they lacked the courage to try is immeasurable. That the odds that Comcast will not listen are high is only an excuse for quitters.

  • Rich

    OpenDNS do the same thing – though their service is ‘opt-in’. URLs which don’t exist (or are temporarily unresolvable) result in an advert laden suggestion page being displayed.

    Still, none of this is anywhere near as annoying as true typosquatters hijacking what were once legit domains – ‘esey.com’ being a good example.

  • JLivingood

    “…rather than get the 404 – Page not found message that is prescribed by the standards…”

    Can you refer me to the exact standard that recommends that in RFC 2119 requirements language? I’ve not been able to find it in my research in developing the draft.

    Also, what you decry is also done by newer web browsers, not to mention web browser toolbars. Do you share the same concern no matter the method that this occurs?

  • Joseph Leonard

    I requested “Opt out” over 4 days ago. I’ve given up so I’ve changed my DNS from Comcast. You can do the same:
    http://support.microsoft.com/kb/305553

    Here is a good number to use:

    http://www.root-servers.org/
    or
    http://www.opendns.com/

    Say goodbye to Comcast.

  • Joseph Leonard

    Since July 17th, 2009 at 4:00 pm my comment has been waiting moderation. Simply put, since I complained that “opt-out” doesn’t work and I gave information on how to use someone else for DNS lookups, they are not going to show you my complaint.

    Typosquatters are just like spammers.

  • David Harley (http://www.eset.com/threat-center/blog/)

    Certainly it’s possible to use an alternative service. While I’m not in favour of the Comcast approach, I wouldn’t suggest that people adopt the alternative service approach unless they have a reasonable understanding of how DNS works. There are other issues I won’t discuss here.

    There is a difference between what Comcast is doing and out-and-out spam. I assume – I haven’t checked personally – that what Comcast is serving is legitimate product/service advertising, whereas nearly all “real” spam is in some sense fraudulent. However, if Comcast is not honouring its opt-out commitment, that -certainly- sounds like cause for complaint.

10 Jul 2009
Copyright © 2014 ESET, All Rights Reserved.