Microsoft 'URL Tracer' Hunts Typosquatters

TonioSop writes "Microsoft Research has released a new tool to help pinpoint large-scale typosquatters that are known to be gaming pay-per-click domain parking services. The lightweight prototype, called Strider URL Tracer, builds on the work within Microsoft's Cybersecurity and Systems Management group to keep tabs on a sophisticated typosquatting scheme that uses multilayer URL redirection to make money from Google's AdSense for domains program. "

Dupe

[liliafan]

Geez editors this is a dupe I was reading this same article at slashdt.org earlier *sigh* :)

Re:Dupe

[onebecoming]

Here's my favorite misspelling: slsahdot.org

Let's see what the stats look like today.

Yay?

[GrumblyStuff]

But would MS really like it being used to help fix Google's troubles?

Re:Yay?

[larry+bagina]

Well, this is from Microsoft Research, which is reminiscent of what Bell Labs used to be like. Anyhow, it helps google, but it also throws egg on their face... like when 3rd parties release IE bug fixes before MS does.

Re:Yay?

[sjwest]

"Stealing Brand Traffic" ? - thats on page 2 of the article if you have not read it - Good heavens you better send these 'terrorists' to Cuba at the same time.

While I cannot spell shakespears-globe.org and always end up at some typosquatter i feel this is my fault not a trademark 'ip theft' - or put another way amzon should have registered that too along with amazon

Looks like standard ms 'fud' here. - Im still blaming my english teachers and 1960's teaching methods. - if these guys had there way billgatesisgay.com would link to microsoft.com - to stop 'theft' or censor the internet. but i dont trust microsoft.

Re:Yay?

[SpaceCadetTrav]

Google owns oingo.com, one of the largest "parked domain" companies out there.

Great news.

[gregarican]

Now I have a new buzzword to gratuitously throw out there...typosquatting. Sweet.

Re:Great news.

[gregarican]

I have been caught red handed, cybersquatting on the information superhighway. I should be e-rrested immediately.

Re:Great news.

[dr_dank]

Typosquatting sounds like it was coined by the grammar nazis. Observe its use in such a sentence:

After Tad posted that illiterate post on Slashdot, the grammar nazis typosquatted down and took a big dump all over it.

Re:Great news.

[arivanov]

There are people who are using specialised software for this and it is a well developed industry.

For example:

Most UK Nildram customers with a static IP have a hostname in the form username.gotadsl.co.uk. Nildram has minimal restrictions on services which you can run (only SMTP is subject to relay check, everything else is fare game). It is also an old business ISP so most people on static IPs are actually running something on these addresses.

So as a result some enterprising individual is running a dedicated typosquatting service. In fact it has been running it for quite a while.

If you query any address in the domain goatadsl.co.uk you will always get the following answer:

$dig arivanov.goatadsl.co.uk
arivanov.goatadsl.co.uk. 86400 IN A 217.160.182.197

Similarly,
$dig aivanov.goatadsl.co.uk
aivanov.goatadsl.co.uk. 86400 IN A 217.160.182.197

And
$dig utterbollocks.goatadsl.co.uk
utterbollocks.goatadsl.co.uk. 86400 IN A 217.160.182.197

I have not tried what is on that IP, but it is a classic typosquatting on an industrial scale. It has been there for at least a year now, possibly longer.

This is just an example off the top of my head. I bet that there are plenty others out there.

Re:Great news.

[CanSpice]

Actually, goatadsl.co.uk is a legitimate ISP. I would have gone with them but their download rates are only 1.5 megableats per second.

Typosquatter gone Extinct

[digitaldc]

And here we have the Typosquatter, a theropod dinosaur, roughly between the early punchcards and their ultimate culmination in the Domain-Squatting dinosaurs. It lived between 1 to 13 years ago, in the Windows Ages.
Of the early Internet period, though one unknown species is from the very late Typewriter period. The various Typosquatter species are bulky omnivores, ranging from approximately 2 to 3 metres (5-8 feet) in height, and averaging about 235 pounds in weight.
Its most distinctive feature was the uncanny ability to take on the likeness of other domains, likely used for trapping its fumbling prey and for phishing scams. It was recently hunted to extinction by Tyrannus Microsoftus using its most effective method of capture, the 'URL Tracer.'

As an added bonus...

[blincoln]

...if there are more than 1000 participants, Microsoft will pay them each $1000.

Sleezy - glad someone is looking into it

[fak3r]

Squatting on domains is one thing, but having them resolve to some default "search" page is just bs - the fact that some of those screens show disneychanel.com mis-spelled going to porn sites makes me sick - kids are going to be misspelling (!) that...fuckers. Then, here's a site that allows you to "park" yr domain to make money on people misspelling (!) URLS:

"Sedo's new Domain Parking Program lets you earn money from your domain names without needing to develop your own site. Even better, Sedo's statistics show that domains parked with Sedo are 5 times more likely to be sold!"

http://sedoparking.com/

Re:Sleezy - glad someone is looking into it

[generic-man]

Google AdSense for domains

If Google does it, it obviously isn't an evil act.

Re:Sleezy - glad someone is looking into it

[Jafafa+Hots]

But of course, having incorrectly-typed URLs that don't go ANYWHERE automatically resolve to MSN Search is just fine and not opportunistic at all, right? And the fact that shutting down these "typo-squatters" will thereby create more opportunities for people to end up at MSN Search is just a happy coincidence, no?

Help me understand how this helps me?

[RobertB-DC]

The article sure made a big to-do about how typosquatters target kids, implying that the Bad Guys want to get 11-year-olds to steal their parents' credit cards so that they can visit neopetsporn.com or something.

So, what, I'm supposed to install this on my PC instead of teaching my kids how to hit the "esc" key and then hit "back"? As a parent, I've always figured it was *my* job, not Bill's, to teach my kids to surf safely. Heck, I even gave the rest of my family detailed instructions on how to respond if they accidentally visited the porn squatter at the dot-com next door to my family's domain name.

Of course, I guess if you're using Internet Explorer, you probably need some sort of blocker for the sites that send you to Popup Hell or otherwise highjack your browser. Strange how I never have this problem myself (coughcoughcough).

Is it illegal?

[Camel+Pilot]

So once you catch one of these typosquatters what do you do with them. Is it illegal ?

Another example

[fak3r]

If you have a domain you can also 'park' it here to earn revenue..

http://www.fabulous.com/

If you don't have one they'll sell you one and have it earn revenue. Are these the sites that just pollute the hell outta search engines so when you search for "mp3 downloads" you get 100s of these results? Is this how they generate revenue?

Plus a URL that I want is hosted there, I thought it might be there's but I suspect it's just someone who bought it through them and is hosting it there !?!? Thanks jacka55e5

Curiosity and the child

[SlyW]

A child's curiosity will always trump the laid down law. Unless of course you beat them on a regular basis.

According to TFA:

The Typo-Patrol scanner built into the tool currently consists of a network of 17 machines, each running a daemon process that monitors its own input-request queue residing in a folder on a central management machine. According to Wang, when a list of typo-domains is dropped into the queue, the daemon fetches the list and launches virtual machines to visit each domain.
The daemon copies all recorded data to the host machine, including information on all secondary URLs visited, the content of all HTTP requests and responses, and optionally a screen shot. Upon completing the scan of the entire list, the daemon copies all data to its output folder on the central management machine, Wang said.
Recorded data in the output folder is inserted into a typo-domain database for data queries and analysis.

Doesn't sound like a tool for general release.

More to the point, with enough information and the proper lobbying we can probably expect to see some legislation addressing this. If not legislation, then at least some lawsuits.

I think this will lead to a crackdown on the #!@#%...ahem...typosquatters and some good(?) PR for M$.

I wonder - is this a good day for neoppets?

[kimvette]

re: One such misspelling, neoppets.com, is currently serving ads promising naked photos of Britney Spears or other adult images.

Let me guess: /. pointed to that article resulted in neoppets' daily revenue increasing by several orders of magnitude today?

I can see it now: a million slashdotters thinking "Oooh, naked pics of Britney. I gotta see it!"

You went there. Admit it. You know you did.

Jab at Google

[Coward+Anonymous]

Google's DomainPark (http://www.google.com/domainpark/) which is what typo-squatters use is a source of a large chunk of Google revenue. This could be the beginning of Microsoft's stab at Google's soft (and sleazy) underbelly.

Talk about yer typos

[chrisbtoo]

FTFA:

He said the group [...] found more then 7,000 typo-domains.


Priceless.

Wow

[TubeSteak]

AdSense for domains allows domain name registrars and large domain name holders to unlock the value in their parked page inventory. AdSense for domains delivers targeted, conceptually related keywords and advertisements to parked domain name pages by using Google's semantic technology to "understand" the meaning of each domain name. Powering over 3 million domain names, AdSense for domains is the industry's leading parked page service.

From the FAQ
5. What is the minimum amount of traffic I need to sign up for a AdSense for domains account?

Your network of sites should generate 750,000 page views per month to be eligible for the AdSense for domains service.

I didn't know Google was into the same dodgy business.
I guess that means it isn't evil...

typo squatting for word

[ChrisGood]

I thought this would be an article about the new microsoft word spell check wizard. It could have even been a discussion of all those who sit there reading posts just to reply about spelling. "yeah well at least i can spell, turn spell check on loser"

Even Microsoft, don't forget...

[TheNetAvenger]

Even Microsoft, don't forget...

Microsoft is a 'big' company, and even as much as we can dislike MS as a whole or things they do or have done, it is easy to forget that a LOT of strong minded tech people work there.

So when MS releases something of benefit it is a bit hard to stomach for a lot of people, but easy once we step back and remember that MS as a whole is comprised of many bright tech people that USE technology on a daily basis, and not even all the people at Microsoft are 'Windows' only people.

MS research is one area that is the most evident of tech minded people without the corporate controls, but good developers exists throughout MS so we can't expect everything they do to be wrong or evil. Look at it from a statistical view if nothing else.

So sure MS will put out selfless tools that help customers and computer users from time to time.

Having been a person that has watched MS for a long time, I remember days when they seemed to care about the little person and companies, and a shift in the mid 90s where that focus was lost. I remember when MS technologies were made and distributed for many OSes, not just Windows. From Media Player to IE, etc. These were free technologies that didn't fit the 'Windows' business model that Ballmer has made the central focus of the company, unfortunately.

The potential for this concept of business to return is there. Ballmer is a business person, not a true tech person, nor an innovative mind when it comes to technology. He is the face of the evil side of MS, and Bill G. giving control to him is the biggest mistake of MS history.

If I was going to paint the evil face of MS it would be Ballmer and his followers. I don't think Gates understands business enough to realize this, nor do I think he is inherently a business only person. His parents were very charitable and pushed for making peoples lives better. His failure is in not recognizing the evil aspects of business and the greed that is can create and is embodied in Ballmer.

So offtopic a bit, but the foundation of my views on this technology. Not everything at MS is evil and there still exist people there with the original 'empowering' concepts that flourished pre-Ballmer mindset and control. Gates use to wrangle him in, and for whatever reason stopped, and MS became the company they fought against for years at Ballmers control and advice.

So it is nice to see from time to time evidence that the non-Ballmer business model still does exist within MS, who knows, maybe there is hope for them to figure out the Ballmer and his followers mistakes and go back to a company that gives a crap.

They did something like this once before

[Phat_Tony]

It's no surprise Microsoft is doing this, because they have some history with making tracing programs.

I remember that years ago Bill Gates got together with Disney to make an email-tracing program. It's great to hear they're working on something similar again, because the people who took part in the beta testing for the email tracing program were supposed to be really handsomely rewarded. I think they got, like, $10,000 for every person they forwarded it to, or something.

I wonder where I can sign up to test this program?