Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

High-Tech Bridge : Cyber squatters and phishers are winning the battle against antivirus companies

December 2013 by High-Tech Bridge

Nowadays, illegal online activities such as Phishing and Typosquatting are growing at an alarming rate. To understand the issue in detail High-Tech Bridge conducted research into how cyber-fraudsters are abusing domain names that are similar to the legitimate domains of most popular antiviruses:

Symantec Antivirus
Kaspersky Antivirus
McAfee Antivirus
Avast! Antivirus
Bitdefender Antivirus
Avira Antivirus
Norton Antivirus
F-Secure Antivirus
G Data Antivirus
Panda Antivirus

High-Tech Bridge used the ImmuniWeb® Phishing Monitor module of its proprietary web security assessment ImmuniWeb® SaaS (Software-as-a-Service), to analyze 946 domains that may visually look like a legitimate domain (for example replacement of “t” character by “l” character, or mutated domain names such as “kasperski.com” or “mcaffee.com”) or that contain typos (e.g. “symanrec.com” or “dymantec.com”). For the ten antivirus companies, ImmuniWeb detected 385 domains which can be classified by the following categories:

 164 Fraudulent Domains. Domains registered by third-parties to make money on users erroneously visiting websites hosted on these domains (due to a typo in URL or a phishing campaign) by displaying ads, redirecting users to questionable websites selling illegal or semi-legal products and services, etc. 164 domains were detected (42.5%).

 107 Corporate Domains. Domains registered by the antivirus companies to prevent potential Typosquatting and illegal usage of these domains. 107 domains were detected (27.7%).

 73 Squatted Domains. Domains registered by cyber-squatters in the hope that the antivirus companies or third-parties will buy the domains at some point in the future. Websites on these domains are not active. 73 domains were detected (18.9%).

 41 Other Domains. Domains registered by third-party businesses or companies that may have a legitimate reason to register the domain (e.g. similar Trade Mark or company name) without intention to spoof the identity or to benefit from user typos. 41 domains were detected (10.6%).

Detailed statistics are provided in the table below:

Domain name Fraudulent domains Corporate domains Squatted domains Other domains
www.symantec.com 35 5 11 2
www.kaspersky.com 13 46 17 0
www.mcafee.com 7 40 5 1
www.avast.com 25 0 10 11
www.bitdefender.com 22 3 3 2
www.avira.com 19 0 12 12
www.norton.com 29 2 3 9
www.f-secure.com 3 4 5 3
www.gdatasoftware.com 1 1 0 0
www.pandasecurity.com 10 6 7 2

Corporations, governments and law-enforcement agencies go to great lengths to prevent abusive or illegal domain name registration and usage. However, our research revealed that the average age of a fraudulent domain is as high as 1181 days, and the average age of a squatted domain is 431 days.

Research results show that some antivirus companies pay attention to such illegal activities and try to prevent them, for example Kaspersky and McAfee purchased more than 70% of the domains that could be potentially used for illegal purposes if registered by third-parties. While others should probably pay more attention to domain squatting, monitor illegal activities and block them.

We also wanted to understand which domain registrars are used by cyber crooks to registerfraudulent and squatted domains. The most popular domain registrars for fraudulent or squatted domains are listed in a table below:

Registrar name Number of domains
FABULOUS.COM PTY LTD 27
GoDaddy.com, LLC 25
PDR Ltd. d/b/a PublicDomainRegistry.com 24
ENOM, INC 18
TUCOWS, INC 15
ABOVE.COM PTY LTD 13
MONIKER ONLINE SERVICES LLC 12
MarkMonitor, INC 8
Internet.bs Corp 7
NAMEKING.COM, INC 6

During the research we also collected statistics about the most popular countries in which to host websites with fraudulent content. The list is provided below:

Country Number of hosted websites

United States 75

Australia 24

Switzerland 19

Germany 16

United Kingdom 8

Marsel Nizamutdinov, Chief Research Officer at High-Tech Bridge, comments on the research:"Our research clearly demonstrates that cyber criminals do not hesitate to use any opportunity to make money on domain squatting and subsequent illegal practices. There are many ways to make money from these domains: they can be resold at a profit to the legitimate owner of the Trade Mark, used to display annoying ads, redirect users to pornographic or underground pharmaceutical websites, or even to infect with malware user machines who accidentally made a typo in the URL or clicked a phishing URL. The last scenario is the most dangerous, for example a consumer wanting to purchase an antivirus for a new PC who accidentally mistypes the domain name in his browser could find that his machine will be infected by malware turning it into a zombie to perform DDoS attacks or send spam. Sometimes the attacks are so sophisticated that the victim will not even notice anything, as after quick and successful contamination he will be forwarded to the legitimate website. Some websites are just harmless doorways, unless you surf them from an IP address belonging to a specific country and/or your operating system and browser are not up-to-date."

Ilia Kolochenko, High-Tech Bridge CEO, says: "We can see that even such powerful businesses as antivirus companies are falling victim to cyber squatters and fraudsters. Today, not many countries have efficient laws against cyber crime, fraud and Trade Mark abuse. Jurisprudence in this domain is even less developed. Governments in many countries refuse to collaborate in cybercrime investigations. Law enforcement agencies don’t have enough skilled people, budget and experience to counter digital crime. Only by joining the efforts of the private sector, governments and law enforcement agencies can we prevent, or at least minimize, illegal activities in the digital space. I strongly recommend supporting various initiatives of the OTA Alliance and the IMPACT Alliance, as we have been doing at High-Tech Bridge since 2010."

Craig Spiezle, Executive Director and President of Online Trust Alliance (OTA), adds: "Brand jacking, cyber-squatting and phishing email continue to target consumer and tarnish the reputation of legitimate brands, sites and mobile applications. This underscores the importance of brands taking proactive measures to fight these threats and for the ecosystem to work together."


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts