A New Malware Targets People Who Type Too Fast
Hackers are waiting for you to make a typo.
If you've ever mistakenly typed ".om" instead of ".com," beware: Hackers are serving up malware to web users who mistype web addresses, according to a report from the research team at security firm Endgame.
The exploit is fairly simple: Buy up domains that are similar to popular ones, then load them with malvertising and threatening messages in order to get victims to download malware. Examples of the assault, known as typosquatting, include netflic.com and netflixc.om. The latter example, using .om, is the target of this latest rash of attacks.
One of Endgame's researchers navigated to Netflix to check out the latest episodes of House of Cards. However, he accidentally typed in "netflix.om," rather than the official .com domain, and was redirected to a series of pages full of sketchy pop-up ads, and eventually a malware-infested site, which prompted him to download a Flash Player update he did not need. The experience led him to look deeper into whether other .om domains hosted similar attacks.
He and his colleagues discovered that more than 300 suspicious domains using the names of major companies were registered and running similar schemes. Such domains include walgreens.om, bankofamerica.om, reddit.om, linkedin.om, facebook.om — and the list goes on.
The attack is expanding quickly. February saw a spike in .om domain registrations, according to Endgame. Further, the attack method appears to be successful. "There are at least thousands of queries per day to the malicious .om domains from different recursive DNS resolvers across the world," the report notes.
According to the researchers, the overall goal of these attacks is to serve users as much advertising as possible and to keep nervous users clicking in order to collect revenue from ad platforms. If you accidentally land on a page that exhibits lots of pop-up ads, redirection to other sites or instructions to download a file, don't click on anything within the website. The best solution is to simply retype the appropriate link into your browser's address bar.
Endgame also advises companies to enhance their strategies against typosquatting in order to prevent these kinds of attacks from cropping up.
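
One way a defender could watch for the typo patterns named above (netflix.om, netflixc.om, netflic.com) in resolver logs, as an added example that is not from Endgame's report. The brand watchlist, the log format and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag DNS-log names that look like typos of watched brand domains.
BRANDS = ["netflix.com", "walgreens.com", "bankofamerica.com",
          "reddit.com", "linkedin.com", "facebook.com"]  # watchlist (assumed)
SAMPLE_LOG = [  # constructed sample lines: "<timestamp> <client> <qname>"
    "2016-03-01T10:00:01Z 10.0.0.5 www.netflix.com.",
    "2016-03-01T10:00:07Z 10.0.0.9 netflix.om.",
    "2016-03-01T10:01:12Z 10.0.0.9 netflixc.om.",
    "2016-03-01T10:02:30Z 10.0.0.7 netflic.com.",
    "2016-03-01T10:03:02Z 10.0.0.5 example.org.",
]

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(qname, brands=BRANDS):
    """Return (brand, reason) if qname looks like a typo of a brand, else None."""
    reg = ".".join(qname.lower().rstrip(".").split(".")[-2:])  # last two labels
    if reg in brands:
        return None  # the legitimate domain or one of its subdomains
    for brand in brands:
        label = brand.rsplit(".", 1)[0]  # e.g. "netflix"
        if reg == label + ".om":
            return brand, "dropped 'c' (.om)"       # netflix.om
        if reg == label + "c.om":
            return brand, "misplaced dot (c.om)"    # netflixc.om
        if reg.endswith(".com") and edit_distance(reg, brand) == 1:
            return brand, "one-character typo"      # netflic.com
    return None

def scan(log_lines):
    """Return (client, qname, brand, reason) for every suspicious query."""
    findings = []
    for line in log_lines:
        parts = line.split()
        hit = classify(parts[2]) if len(parts) == 3 else None  # skip malformed lines
        if hit:
            findings.append((parts[1], parts[2], *hit))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same `classify` check can be run over newly registered domain feeds to find lookalikes of a company's own names before users reach them.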