Malware

When Malware Plagues Brands


This week, FairWinds published a paper that was the culmination of research into the prevalence of malware among typos of popular websites' domain names. We discovered that hundreds of these sites expose users to computer-infecting viruses, invasive spyware, or information-stealing Trojan horses.

Typically when we study typosquatting, we focus on the fact that the typographical errors that Internet users make while typing in the domain names of popular websites can cost the companies behind those sites millions of dollars in lost revenue and unnecessary advertising fees. However, in this most recent investigation, we found that users are at risk as well.

In total, we found instances of typo domain names that spread malware across the sites of 82 major brands. These include brands like Google, Microsoft, USA Today, The New York Times, AutoTrader.com and Travelocity.

When a cybercriminal exploits a recognizable and trusted brand name to spread malware, it can be extremely misleading to Internet users, and we have found that they may direct their anger toward the company in question. The FBI backs up these findings:

“We see it all the time,” says Supervisory Special Agent Charles Pavelites of the Internet Crime Complaint Center (IC3). “People believe what they see on the Internet and in emails. If a consumer visits a copycat site hosting malware that looks like it belongs to a legitimate company, he or she is more likely to believe that whatever harm is incurred is the company’s fault.”

When it comes down to it, brand owners must be diligent about enforcing their brands in the domain space and protecting their customers. When malware is involved, that means more than guarding against monetary losses: it means protecting customers and delivering the best online experience, while preserving brand equity in the process.

Just Another Day Out Phishing


According to CNET, security company Cloudmark recently announced on its blog that a phishing scheme that relies on duping people into updating Adobe Acrobat has resurfaced.

The scheme sends spam emails prompting users to click on a link to upgrade their Adobe Acrobat Reader. The site where the users land describes some of the software’s features, and also collects the contact information and credit card numbers of unsuspecting users. This information, of course, goes straight into the hands of cyber criminals.

And wouldn’t you know it – the domain name in the link contains the word “Adobe” to further trick users into trusting it and feeling comfortable divulging their information. Unfortunately, this is a problem we’ve seen many times before and will likely see again. Because trusted brands carry so much legitimacy with consumers, cyber criminals continually use them in various types of online crimes. They know that Internet users are likely to trust a major, well-known brand.

Phishing is not the only type of crime that relies on domain names containing brand names. FairWinds recently performed an investigation that examined which typo variations of the domain names of highly popular websites are being used by cyber criminals to spread malware – viruses, worms, Trojans and the like. We discovered that typos of major brands like Google, PayPal, The New York Times and others were all being exploited and putting consumers at risk. The paper will be published shortly, so keep an eye out for it.

One-Third of all .COM Sites Are a Risk


McAfee, one of the leading manufacturers of anti-virus and security software, recently released a report titled “Mapping the Mal Web” that analyzes the relative risk of top-level domains (TLDs). The TLD for Cameroon, .CM, ranked at the top of the world’s riskiest TLDs. Alarmingly, .COM took second place on McAfee’s overall list. According to the report, 32.2% of all .COM Web sites contain browser exploits like drive-by downloads of spyware, adware or malicious content; lead to phishing scams; or bombard users with excessive pop-ups. Since .COM is the most popular TLD, 32.2% amounts to a total of 918,873 risky domains.

In addition to overall risk, McAfee ranked TLDs by specific threat. Romania’s TLD, .RO, had the highest portion of malicious downloads, while .INFO was ranked worst for spam, with 17.2% of its sites generating junk email. On the other end of the scale, the governmental TLD .GOV is the safest generic TLD, while Japan’s .JP is the safest ccTLD.

The popularity of .COM makes it an ideal target for bad actors because so many Internet users intuitively type in .COM at the end of domain names. Since .CM is such a common typo of .COM, it is not surprising that it is the top choice among cybercriminals. (We’ve written about threats posed by .CM before) [link to a past post]. According to the BBC, Hong Kong’s .HK ccTLD topped last year’s list of riskiest domains, but since has taken measures to become safer. Specifically, the Hong Kong Internet Registration Corporation Ltd, which supervises domain registration for .hk Web sites, said that asking for proof of identity was one tactic that has led to a decline in suspicious applications.
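The typo classes these posts describe (a dropped or doubled character, two adjacent characters swapped, and the .CM typo of .COM) are exactly what a brand owner enumerates to decide which variants to register defensively or to monitor for malware. The following is an added example, not FairWinds' code; the "registered zone" it checks against is a constructed sample, not real registration data.

```python
def typo_variants(domain):
    """Return candidate typo domains for a registrable name such as 'example.com'.

    Covers the error classes discussed above: a dropped character, two adjacent
    characters swapped, a doubled character, and a TLD with one character
    dropped (which turns .com into .cm, the typo the post singles out).
    """
    label, _, tld = domain.lower().rpartition(".")
    labels = set()
    for i in range(len(label)):
        # Dropped character, e.g. 'exmple'
        labels.add(label[:i] + label[i + 1:])
        # Doubled character, e.g. 'exaample'
        labels.add(label[:i] + label[i] + label[i:])
    for i in range(len(label) - 1):
        # Adjacent transposition, e.g. 'exmaple'
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    labels.discard(label)  # the genuine name is not a typo
    # Keep only syntactically plausible labels (non-empty, no edge hyphens)
    variants = {f"{v}.{tld}" for v in labels
                if v and not v.startswith("-") and not v.endswith("-")}
    # TLD typo: one character dropped from the TLD ('com' -> 'om', 'cm', 'co')
    for i in range(len(tld)):
        short = tld[:i] + tld[i + 1:]
        if short:
            variants.add(f"{label}.{short}")
    return variants


def flag_registered(variants, registered):
    """Return, sorted, the typo candidates that already appear in a zone listing.

    In practice 'registered' would come from zone files or WHOIS lookups; here it
    is whatever iterable of lowercase domain names the caller supplies.
    """
    return sorted(v for v in variants if v in registered)


# Constructed sample of "already registered" names for demonstration only.
CONSTRUCTED_ZONE = {"exmple.com", "example.cm", "exampel.com", "unrelated.net"}

if __name__ == "__main__":
    candidates = typo_variants("example.com")
    print(len(candidates), "typo candidates generated")
    for hit in flag_registered(candidates, CONSTRUCTED_ZONE):
        print("already registered, review for malware:", hit)
```

A brand owner would run the flagged names through the same malware scanning used in the FairWinds study rather than assuming every registered typo is hostile.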