
You Have More Abbreviations Than You Know: A Study of AbbrevSquatting Abuse

  • Pin Lv
  • Jing Ya
  • Tingwen Liu
  • Jinqiao Shi
  • Binxing Fang
  • Zhaojun Gu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10860)

Abstract

Domain squatting is the speculative registration of domain names that are trademarks belonging to popular companies, important organizations or other individuals, before the rightful owners have a chance to register them. This paper presents a specific and largely overlooked type of domain squatting called “AbbrevSquatting”, a phenomenon that mainly affects institutional websites. As institutional domain names are usually abbreviations (i.e., short forms) of the institutes' full names or official titles, attackers can mine abbreviation patterns from existing pairs of abbreviations and full names, and register forged domain names with unofficial but meaningful abbreviations for a given institute. To measure the abuse of AbbrevSquatting, we first mine the common abbreviation patterns used in institutional domain names, and generate potential AbbrevSquatting domain names from a data set of authoritative domains. Then, we check the maliciousness of the generated domains with a public API and seven different blacklists, and group the domains into several categories using crawled data. Through a series of manual and automated experiments, we discover that attackers are already aware of the principles of AbbrevSquatting and are monetizing them in various unethical and illegal ways. Our results suggest that AbbrevSquatting is a real problem that requires more attention from security communities and institutions’ registrars.
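For an institution monitoring newly observed domains, the abbreviation relationship described above can be checked mechanically. The following is an added example, not code from the paper: the matching rule (in-order word prefixes, at least two contributing words), the institute name and all `.example` domains are assumptions constructed for illustration.

```python
import re
from functools import lru_cache

def is_abbreviation(label, full_name, min_words=2):
    """True if `label` is an in-order concatenation of non-empty prefixes of
    words in `full_name`. Words may be skipped, but at least `min_words`
    of them must contribute (assumed rule, not the paper's patterns)."""
    label = label.lower()
    words = re.findall(r"[a-z]+", full_name.lower())

    @lru_cache(maxsize=None)
    def match(i, j, used):
        if i == len(label):                 # whole label consumed
            return used >= min_words
        if j == len(words):                 # words exhausted, label left over
            return False
        if match(i, j + 1, used):           # option 1: skip word j
            return True
        k = 1                               # option 2: take a k-letter prefix
        while i + k <= len(label) and label[i:i + k] == words[j][:k]:
            if match(i + k, j + 1, min(used + 1, min_words)):
                return True
            k += 1
        return False

    return match(0, 0, 0)

def first_label(domain):
    """Leftmost label, ignoring a leading 'www' (assumes label.tld form)."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[1] if labels[0] == "www" and len(labels) > 2 else labels[0]

def flag_lookalikes(full_name, official_domain, observed):
    """Observed domains whose label abbreviates `full_name` but is not the
    institution's official label."""
    official = first_label(official_domain)
    return [d for d in observed
            if first_label(d) != official
            and is_abbreviation(first_label(d), full_name)]

# Constructed sample data: a fictional institute and reserved .example names.
FULL_NAME = "Northfield Institute of Marine Science"
OFFICIAL = "nims.example"
OBSERVED = ["nims.example", "northims.example", "www.nimsci.example",
            "marinesci.example", "weather.example", "nimbus.example",
            "science.example"]

if __name__ == "__main__":
    for domain in flag_lookalikes(FULL_NAME, OFFICIAL, OBSERVED):
        print("review:", domain)
```

Flagged names are candidates for review only; whether a domain is abusive still has to be established from blacklists or its content, as the study does.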

Keywords

Domain squatting; AbbrevSquatting; Institutional domain names; Abbreviations

Notes

Acknowledgement

This work was supported in part by the National Key Research and Development Program of China under Grant No. 2016YFB0801003 and the Open Project Foundation of Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China No. CAAC-ISECCA-201801.


Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Pin Lv (1, 2)
  • Jing Ya (1, 2)
  • Tingwen Liu (1, 2)
  • Jinqiao Shi (1, 2)
  • Binxing Fang (1, 2)
  • Zhaojun Gu (3)

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
  3. Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China, Tianjin, China
