Type carefully, my friends...

[deanwebb]

http://www.scmagazine.com/endgame-exposes-malware-that-punishes-poor-spelling/article/483371/

1. Find a popular website
2. register a domain name for {popular website}c.om
3. wait for people to type in the name of the popular domain, then type c.om instead of .com
4. ?
5. PROFIT!


turns out #4 is "set up a website that pushes malware to the browser of the person making a typo"

Welcome to the world of typosquatting.

[icecream-guy]

http://www.scmagazine.com/endgame-exposes-malware-that-punishes-poor-spelling/article/483371/

1. Find a popular website
2. register a domain name for {popular website}c.om
3. wait for people to type in the name of the popular domain, then type c.om instead of .com
4. ?
5. PROFIT!


turns out #4 is "set up a website that pushes malware to the browser of the person making a typo"

Welcome to the world of typosquatting.

may value idea was to register popular domain names with ,com added to the end, with the benefit of the browser adding .com to the end, users mistype , instead of . ( i do it all the time) so user goes to networking-forums,com and goes to networking-forums,com.com and all he77 breaks loose.

[Otanx]

I don't think a comma is an allowed character in a domain name, but I like the way you think. A side bonus would be all the failures that would be caused by scripts incorrectly parsing csv files, etc.

-Otanx

[Dieselboy]

When i was in high school a kid in the library accidentally mistyped yahoo.com and ended up at a porn site.

For reasons like this I'm glad I've now got firepower in our asas.

(I've tried to find what he accidentally typed but no joy)

[Reggle]

I'm considering DNS blackholing .om here now, it's not like I'd ever visited that TLD on purpose.

Also, just as scary: bitsquatting. http://dinaburg.org/bitsquatting.html

[deanwebb]

Yep, there's no good on .om.

Then there was the malware campaign that hijacked ads on BBC, Newsweek, and The New York Times. Adblocker FTW.