Truss Reading List: Typosquatting

DNS typosquatting is the practice of purchasing domains similar to existing domains in order to take advantage of users' mistakes and direct traffic away from the intended destination. The closely related cybersquatting, in which individuals buy domains they think others will want for obvious reasons (like the recently famous examples of and), has a similar use. The practice of typosquatting relies on typos ("fat fingers", incorrect spelling, different TLDs) to bring users to URLs with similar names. Think typing in or trussw.orks when trying to find our site.

At its most benign, typosquatting can be comical or annoying. But often the intention is more malicious. Frequently, typosquatters use their almost-right domains to generate revenue via adware or by redirecting users to sites that mimic the functionality they expect. It can be a way for bad actors to expose users to undesired cookies or malware, or to capture personal information. 

This week, we are highlighting a couple of informative posts about established and experimental forms of typosquatting.

From incolumitas: Typosquatting programming languages package managers
This is a post from a student who wrote his bachelor's thesis on typosquatting in package managers commonly used by Python, Ruby on Rails, and Node.js programmers. 

From Endgame: What does Oman, the House of Cards, and Typosquatting Have in Common? The .om Domain and the Dangers of Typosquatting
This post, from Endgame's Malware Research and Threat Intelligence Team, describes why Oman's ccTLD is so alluring for typosquatters.

From Wired: Researchers' Typosquatting Stole 20 GB of E-mail from Fortune 500 Company
This is an older article (from 2011) detailing how researchers set up "doppelganger" domains to intercept emails. As you can see, it's not a new tactic. But it continues to be effective.