Sign up to our newsletter
The latest security news direct to your inbox
Typosquatting http://en.wikipedia.org/wiki/Typosquatting, sometimes called URL Hijacking is a nefarious practice of registering a domain so that when someone makes a mistake in typing in a URL the result is a page they were not looking for. For example, if I was an unscrupulous competitor I might register the domain www.esey.com and try to sell a product different than ESET’s products. If you go to www.esey.com you will find that it is a search page. If you click on a link then someone is going to make money. Sometimes people register these domains to try to sell to companies, and sometimes it is to install malicious software when you type wrong. It is important to check your spelling in the URL! There is one very old example of typosquatting I absolutely love. The web site www.untied.com is a site with complaints about United Airlines. I found it when I typed untied instead of united. I always appreciated finding that site!
The Comcast approach to typosquatting is much more encompassing than typical typosquatting and is driven by greed. If you type in a URL for a page that does not exit, and there are infinite non-existent URLS, then rather than get the 404 – Page not found message that is prescribed by the standards, Comcast will dump advertising onto your screen. Unlike conventional typosquatting, this uses a protocol called DNS and that means they don’t have to register any domains, by default they get all unregistered domains until someone does register each of them.
Comcast has euphemistically named this the “Domain Helper Service” but it really is all about Comcast pushing advertising to you. Comcast, knowing how distasteful the practice of typosquatting is, requires customers who do not wish to be victims of typosquatting to opt out of the program, rather than using the respectful opt in approach. Reportedly, in order to opt out a customer has to provide their router’s MAC address. For many users this is simply a foreign language and they will not be able to comply and won’t know to look for simple instructions on how to do what a responsible ISP would have done for them automatically.. The fact is that Comcast could easily and automatically obtain that information, except they want to make it as tricky as possible for most users to opt out.
Comcast has even gone so far as to submit a white paper to the IEFT http://tools.ietf.org/html/draft-livingood-dns-redirect-00 suggesting that their method is a best practice for typosquatting. Of course, Comcast doesn’t admit that this is just a typosquatting trick and they call it “DNS Redirect”.
You can tell Comcast what you think of the “Domain Helper Service” at http://www.comcastvoices.com/2009/07/domain-helper-service-here-to-help-you.html#comments
Director of Technical Education
Author ESET Research, ESET