Have you noticed what happens when you mistype the name of your favorite web site? As reported by Daniel Wesemann at the Internet Storm Center, this is not an accident; it is a profit center.
- As Daniel points out in his blog entry, these redirect sites create an opportunity for the pharmers and phishers.
- Some SSL/VPN software relies on the standard DNS behavior to redirect you to your company's internal servers.
- Getting redirected to an unexpected site can be very embarrassing. In this instance, Bell South users were redirected to porn sites, and who can forget when www.whitehouse.com was an explicit porn site?
These are all a form of hijacking. How bad is this? Just last year a phisher was targeting Wells Fargo customers with a “welsfargo” URL. Wells Fargo has registered the domain “welsfargo.com” but has not redirected it as Google did with Gogle. The folks at Wells Fargo need to correct this gap.
If you have an e-commerce or popular web site then you need to protect yourself and protect your customers:
1. Register the confusingly similar domain names and configure their DNS records to point to the correct site
2. Monitor all of your domain records and DNS servers for failure or compromise
3. Deter the pharmers with protection against defacement, cross-site scripting and man-in-the-middle attacks
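
As an added example (not part of the original post), this Python sketch supports steps 1 and 2: it lists single-typo variants of a domain, the class that "welsfargo" and "gogle" belong to, and flags names you own that do not redirect to the real site. The function names, the `brand.example` domain, and the `owned` and `observed` inputs are assumptions constructed for illustration.

```python
def typo_variants(domain):
    """Single-edit typos of the first label: an omitted character, a doubled
    character, or two adjacent characters swapped. The suffix is unchanged."""
    label, _, suffix = domain.partition(".")
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                 # omitted character
        variants.add(label[:i] + label[i] * 2 + label[i + 1:])  # doubled character
        if i + 1 < len(label):                                  # adjacent swap
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    variants.discard(label)  # swapping a double letter yields the original name
    return sorted(v + "." + suffix for v in variants if v)


def audit(domain, owned, observed):
    """Classify every variant of `domain`.

    owned    -- names in your registrar portfolio (input gathered elsewhere)
    observed -- name -> host it was seen to lead to, absent if it did not resolve
    """
    good_targets = {domain, "www." + domain}
    report = {}
    for name in typo_variants(domain):
        target = observed.get(name)
        if name in owned:
            # Registered by us: step 1 also requires that it points at the real site.
            report[name] = "ok" if target in good_targets else "owned-not-redirected"
        elif target is not None:
            report[name] = "third-party"       # resolves, but not ours: investigate
        else:
            report[name] = "unregistered-or-unknown"
    return report


# Constructed sample data on the reserved .example TLD.
OWNED = {"bran.example", "brnad.example"}
OBSERVED = {
    "bran.example": "www.brand.example",
    "brandd.example": "ads.parked.example",
}

if __name__ == "__main__":
    for name, status in audit("brand.example", OWNED, OBSERVED).items():
        if status != "unregistered-or-unknown":
            print(f"{name:18} {status}")
```

Run on a schedule, a report like this makes the "registered but never redirected" case visible as soon as it appears.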