Microsoft 'URL Tracer' Hunts Typosquatters

TonioSop writes "Microsoft Research has released a new tool to help pinpoint large-scale typosquatters that are known to be gaming pay-per-click domain parking services. The lightweight prototype, called Strider URL Tracer, builds on the work within Microsoft's Cybersecurity and Systems Management group to keep tabs on a sophisticated typosquatting scheme that uses multilayer URL redirection to make money from Google's AdSense for domains program. "

Dupe

Geez editors this is a dupe I was reading this same article at slashdt.org [slashdt.org] earlier *sigh* :)

Re:Dupe

Here's my favorite misspelling: slsahdot.org [slsahdot.org]

Let's see what the stats look like today.

Yay?

But would MS really like it being used to help fix Google's troubles?

Re:Yay?

Well, this is from Microsoft Research, which is reminiscent of what Bell Labs used to be like. Anyhow, it helps google, but it also throws egg on their face... like when 3rd parties release IE bug fixes before MS does.

Re:Yay?

Google owns oingo.com, one of the largest "parked domain" companies out there.

Great news.

Now I have a new buzzword to gratuitously throw out there...typosquatting. Sweet.

Re:Great news.

Actually, goatadsl.co.uk is a legitimate ISP. I would have gone with them but their download rates are only 1.5 megableats per second.

Re:Great news.

Typosquatting sounds like it was coined by the grammar nazis. Observe its use in such a sentence:

After Tad posted that illiterate post on Slashdot, the grammar nazis typosquatted down and took a big dump all over it.

IE 7.0

How much you want to bet this is folded into IE7 with their Anti-phishing "technology".

Typosquatter gone Extinct

And here we have the Typosquatter, a theropod dinosaur, roughly between the early punchcards and their ultimate culmination in the Domain-Squatting dinosaurs. It lived between 1 to 13 years ago, in the Windows Ages.
Of the early Internet period, though one unknown species is from the very late Typewriter period. The various Typosquatter species are bulky omnivores, ranging from approximately 2 to 3 metres (5-8 feet) in height, and averaging about 235 pounds in weight.
Its most distinctive feature was the uncanny ability to take on the likeness of other domains, likely used for trapping its fumbling prey and for phishing scams. It was recently hunted to extinction by Tyrannus Microsoftus using its most effective method of capture, the 'URL Tracer.'

As an added bonus...

...if there are more than 1000 participants, Microsoft will pay them each $1000 [snopes.com].

Sleezy - glad someone is looking into it

Squatting on domains is one thing, but having them resolve to some default "search" page is just bs - the fact that some of those screens show disneychanel.com mis-spelled going to porn sites makes me sick - kids are going to be misspelling (!) that...fuckers. Then, here's a site that allows you to "park" yr domain to make money on people misspelling (!) URLS:

"Sedo's new Domain Parking Program lets you earn money from your domain names without needing to develop your own site. Even better, Sedo's statistics show that domains parked with Sedo are 5 times more likely to be sold!"

http://sedoparking.com/ [sedoparking.com]

Re:Sleezy - glad someone is looking into it

Google AdSense for domains [google.com]

If Google does it, it obviously isn't an evil act.

And then...

The lightweight prototype, called Strider URL Tracer, builds on the work within Microsoft's Cybersecurity and Systems Management group to keep tabs on a sophisticated typosquatting scheme that uses multilayer URL redirection to make money from Google's AdSense for domains program.

And then... Build a spider that hits every single one of those URLs driving Hoodia merchants into debt.

That... would actually be pretty cool.

Help me understand how this helps me?

The article sure made a big to-do about how typosquatters target kids, implying that the Bad Guys want to get 11-year-olds to steal their parents' credit cards so that they can visit neopetsporn.com or something.

So, what, I'm supposed to install this on my PC instead of teaching my kids how to hit the "esc" key and then hit "back"? As a parent, I've always figured it was *my* job, not Bill's, to teach my kids to surf safely. Heck, I even gave the rest of my family detailed instructions [magicnumbers.org] on how to respond if they accidentally visited the porn squatter at the dot-com next door to my family's domain name.

Of course, I guess if you're using Internet Explorer, you probably need some sort of blocker for the sites that send you to Popup Hell or otherwise highjack your browser. Strange how I never have this problem myself (coughcough [opera.com]cough).

Is it illegal?

So once you catch one of these typosquatters what do you do with them. Is it illegal ?

Another example

If you have a domain you can also 'park' it here to earn revenue..

http://www.fabulous.com/ [fabulous.com]

If you don't have one they'll sell you one and have it earn revenue. Are these the sites that just pollute the hell outta search engines so when you search for "mp3 downloads" you get 100s of these results? Is this how they generate revenue?

Plus a URL that I want is hosted there, I thought it might be there's but I suspect it's just someone who bought it through them and is hosting it there !?!? Thanks jacka55e5

So, what's the profit angle?

If M$ is doing this, although the report talks about how it detects "gaming" of pay-per-click behavior, is this a way to determine how to corrupt the monitoring that Google is doing and thus cast doubt upon their revenue model?

Nahhhh. What was i thinking?

Google Adsense

Don't google have terms and conditions for serving adverts? I guess they would make money from them also so conflict of interest perhaps?

idea..

Maybe some of the people who create viruses designed to attack average users should instead write the viruses designed to attack more annoying net presences...

Stop DDOS-ing root name servers and start DDOS-ing some of these shyte sites.

Thanks for dupes!

If it weren't for dupes, some of us wouldn't see everything. A few of us work for a living, you insensitive clods!

--

But this is toadilly failed because:

1) Microsoft is evil, through and through
2) Apple innovated this in 1956 and it was more lickable
3) Gentoo's version runs .005ms faster and only requires a week to compile
4) This is the final straw that killed BSD
5) Sun Microsystems was just looking for the latest thing to flip-flop about
6) I have to pee
7) News for Turds, Stuff that Splatters

right? right? am eye riiiight?

I wonder - is this a good day for neoppets?

re: One such misspelling, neoppets.com, is currently serving ads promising naked photos of Britney Spears or other adult images.

Let me guess: /. pointed to that article resulted in neoppets' daily revenue increasing by several orders of magnitude today?

I can see it now: a million slashdotters thinking "Oooh, naked pics of Britney. I gotta see it!"

You went there. Admit it. You know you did.

no morals

Well I guess I wouldn't expect pornographer-typo-domain-squatters to have a lot of morals. But are 8 year olds really interested in naked photos? And would a 13 year old be looking at neopets? I suppose it must be working, or they wouldn't do it. That's a shame.

Jab at Google

Google's DomainPark (http://www.google.com/domainpark/ [google.com]) which is what typo-squatters use is a source of a large chunk of Google revenue. This could be the beginning of Microsoft's stab at Google's soft (and sleazy) underbelly.

Wow

AdSense for domains allows domain name registrars and large domain name holders to unlock the value in their parked page inventory. AdSense for domains delivers targeted, conceptually related keywords and advertisements to parked domain name pages by using Google's semantic technology to "understand" the meaning of each domain name. Powering over 3 million domain names, AdSense for domains is the industry's leading parked page service.

From the FAQ [google.com]
5. What is the minimum amount of traffic I need to sign up for a AdSense for domains account?

Your network of sites should generate 750,000 page views per month to be eligible for the AdSense for domains service.

I didn't know Google was into the same dodgy business.
I guess that means it isn't evil...

Talk about yer typos

FTFA:

He said the group [...] found more then 7,000 typo-domains.


Priceless.

Erm...

Google is profiting [appliedsemantics.com] from this. Systematically. It's called DomainPark.

One typosquatter just made $242,000

Maybe all that technology will be able detect the traffic going to mortage.com, which just sold for $242,000 [dnjournal.com]. Yep. So many people miss the "g" that the traffic to the domain is worth a quarter million dollars. Go figure.

typo squatting for word

I thought this would be an article about the new microsoft word spell check wizard. It could have even been a discussion of all those who sit there reading posts just to reply about spelling. "yeah well at least i can spell, turn spell check on loser"

Even Microsoft, don't forget...

Even Microsoft, don't forget...

Microsoft is a 'big' company, and even as much as we can dislike MS as a whole or things they do or have done, it is easy to forget that a LOT of strong minded tech people work there.

So when MS releases something of benefit it is a bit hard to stomach for a lot of people, but easy once we step back and remember that MS as a whole is comprised of many bright tech people that USE technology on a daily basis, and not even all the people at Microsoft are 'Windows' only people.

MS research is one area that is the most evident of tech minded people without the corporate controls, but good developers exists throughout MS so we can't expect everything they do to be wrong or evil. Look at it from a statistical view if nothing else.

So sure MS will put out selfless tools that help customers and computer users from time to time.

Having been a person that has watched MS for a long time, I remember days when they seemed to care about the little person and companies, and a shift in the mid 90s where that focus was lost. I remember when MS technologies were made and distributed for many OSes, not just Windows. From Media Player to IE, etc. These were free technologies that didn't fit the 'Windows' business model that Ballmer has made the central focus of the company, unfortunately.

The potential for this concept of business to return is there. Ballmer is a business person, not a true tech person, nor an innovative mind when it comes to technology. He is the face of the evil side of MS, and Bill G. giving control to him is the biggest mistake of MS history.

If I was going to paint the evil face of MS it would be Ballmer and his followers. I don't think Gates understands business enough to realize this, nor do I think he is inherently a business only person. His parents were very charitable and pushed for making peoples lives better. His failure is in not recognizing the evil aspects of business and the greed that is can create and is embodied in Ballmer.

So offtopic a bit, but the foundation of my views on this technology. Not everything at MS is evil and there still exist people there with the original 'empowering' concepts that flourished pre-Ballmer mindset and control. Gates use to wrangle him in, and for whatever reason stopped, and MS became the company they fought against for years at Ballmers control and advice.

So it is nice to see from time to time evidence that the non-Ballmer business model still does exist within MS, who knows, maybe there is hope for them to figure out the Ballmer and his followers mistakes and go back to a company that gives a crap.

So let me get this straight: MS helps Google out?

So let me get this straight: MS helps Google out?

Next you'll tell me Microsoft is going to start running Linux to test interoperation.

After that, I expect to hear they're abandoning ntkernel and moving everything over to NetBSD. They expect to ship sooner, and with fewer bugs that way.

They did something like this once before

It's no surprise Microsoft is doing this, because they have some history with making tracing programs.

I remember that years ago Bill Gates got together with Disney to make an email-tracing program. It's great to hear they're working on something similar again, because the people who took part in the beta testing for the email tracing program were supposed to be really handsomely rewarded. I think they got, like, $10,000 for every person they forwarded it to, or something.

I wonder where I can sign up to test this program?

Excellent!

So does this mean typing http//www.google.com won't redirect me to Microsoft anymore?

Re:Re-inventing the whell

Given that most of MSR's stuff is free, I wonder how they could solve it for a "fraction of the price." Perhaps you mean "there are other free solutions"?

Re:Next story: New Line

Will it be known as Aragorn when it comes out of beta?

Re:Typosquatting

Indeed. I fear that this may well be used to intimidate people who have legitimate but similar company names.