Domains That Are Typos of Other Domains

[SpamCop 98]

...collaborators from CrySyS lab provided a large list of all the domains that are typos within the com zone file; the particular sample was from March 15, 2013. CrySys identified 4.7 million likely domains out of the 108 million domains in the com zone file. These are typos of the 520,000 most common .com domains, according to Alexa. It’s common for an organization to register several common misspellings of its own domain and redirect the users to the correct site. Checking for this, 2.3 million typos seem to be outside the control of the owner of the original domain—they are truly typos that we’d expect to be malicious, but this simply does not appear to be the case.

The original, real domains that are in the Alexa top 520,000 are more likely to appear on black lists than the typos of them. I compared the Alexa domains and the true typo domains to 12 black lists from various sources. In each case, the Alexa domains are more likely to host malicious activity. Note that the percentage of domains from the Alexa “most popular .com domains†is always higher than the percentage of typo domains.

http://www.cert.org/blogs/certcc/2013/08/d...os_of_othe.html

[turetzsr]

<snip>

they are truly typos that we’d expect to be malicious, but this simply does not appear to be the case.

<snip>

...Well, actually, I'm not terribly surprised, since there are a lot more people on the internet who simply want to find a way to get more money (in this case via hits due to accidental mis-types of host names in a URL) than there are with both the "skills" and the anti-social personalities necessary to deliver malware via the web.

[Farelf]

Darn, how can I maintain my paranoia in the face of such facts and logic? Nathless, I try.