
Soundsquatting: Uncovering the Use of Homophones in Domain Squatting

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8783)

Abstract

In this paper we present soundsquatting, a previously unreported type of domain squatting which we uncovered during analysis of cybersquatting domains. In soundsquatting, an attacker takes advantage of homophones, i.e., words that sound alike, and registers homophone-including variants of popular domain names. We explain why soundsquatting is different from existing domain-squatting attacks, and describe a tool for the automatic generation of soundsquatting domains. Using our tool, we discover that attackers are already aware of the principles of soundsquatting and are monetizing them in various unethical and illegal ways. In addition, we register our own soundsquatting domains and study the population of users who reach our monitors, recording a monthly average of more than 1,700 non-bot page requests. Lastly, we show how sound-dependent users are particularly vulnerable to soundsquatting through the abuse of text-to-speech software.
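As an added illustration of the generator the abstract describes (example code written for this page, not the authors' tool), the following Python enumerates homophone-substitution variants of a brand's domain so a defender can pre-register or monitor them, and flags observed domains (for instance from a new-registration feed) that match a monitored brand. The tiny homophone table, the greedy longest-match segmentation of the label, and the `max_subs` limit are constructed assumptions.

```python
import itertools

# Constructed toy homophone classes (an assumption for this example; the paper's
# own word list is not on the page). Real tooling would use a full dictionary.
HOMOPHONE_SETS = [
    {"you", "u", "ewe"}, {"to", "too", "two"}, {"for", "four", "fore"},
    {"be", "bee"}, {"buy", "by", "bye"}, {"write", "right", "rite"},
    {"sea", "see"}, {"won", "one"}, {"week", "weak"}, {"whole", "hole"},
]
# word -> its alternative spellings. Single-letter words ("u") serve only as
# replacements, never as match sources: substring matching on one letter is noise.
HOMOPHONES = {w: s - {w} for s in HOMOPHONE_SETS for w in s if len(w) > 1}


def find_homophone_spans(label):
    """Greedy longest-match scan of a label for dictionary words; returns
    non-overlapping (start, end, word) tuples in left-to-right order."""
    words = sorted(HOMOPHONES, key=len, reverse=True)
    spans, i = [], 0
    while i < len(label):
        hit = next((w for w in words if label.startswith(w, i)), None)
        if hit is None:
            i += 1
            continue
        spans.append((i, i + len(hit), hit))
        i += len(hit)
    return spans


def soundsquat_candidates(domain, max_subs=2):
    """Enumerate homophone-substituted variants of the registrable (first) label,
    swapping up to max_subs words at once; the original domain is never returned."""
    label, dot, suffix = domain.lower().partition(".")
    spans = find_homophone_spans(label)
    out = set()
    for k in range(1, min(max_subs, len(spans)) + 1):
        for chosen in itertools.combinations(spans, k):  # keeps left-to-right order
            for repl in itertools.product(*(sorted(HOMOPHONES[w]) for _, _, w in chosen)):
                parts, cursor = [], 0
                for (start, end, _), r in zip(chosen, repl):
                    parts += [label[cursor:start], r]
                    cursor = end
                parts.append(label[cursor:])
                out.add("".join(parts) + dot + suffix)
    return sorted(out)


def flag_observed(observed, monitored):
    """Defender-side check: map each observed domain that is a soundsquatting
    variant of a monitored brand to that brand."""
    table = {c: brand for brand in monitored for c in soundsquat_candidates(brand)}
    return {d: table[d.lower()] for d in observed if d.lower() in table}
```

The generated set is the watchlist a brand owner would feed into registration or passive-DNS monitoring; the substring matcher will also produce some non-word hits, so review the list before acting on it.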

Keywords

Assistive Technology, Target Domain, Screen Reader, Candidate Word, Braille Display



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. Department of Computer Science, Stony Brook University, Stony Brook, USA
  2. TrendMicro, Leuven, Belgium
  3. iMinds-DistriNet, KU Leuven, Leuven, Belgium
