Top

Published in:

2018 | OriginalPaper | Chapter

You Have More Abbreviations Than You Know: A Study of AbbrevSquatting Abuse

Authors : Pin Lv, Jing Ya, Tingwen Liu, Jinqiao Shi, Binxing Fang, Zhaojun Gu

Published in: Computational Science – ICCS 2018

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Domain squatting is a speculative behavior involving the registration of domain names that are trademarks belonging to popular companies, important organizations or other individuals, before the latters have a chance to register. This paper presents a specific and unconcerned type of domain squatting called “AbbrevSquatting”, the phenomena that mainly happens on institutional websites. As institutional domain names are usually named with abbreviations (i.e., short forms) of the full names or official titles of institutes, attackers can mine abbreviation patterns from existed pairs of abbreviations and full names, and register forged domain names with unofficial but meaningful abbreviations for a given institute. To measure the abuse of AbbrevSquatting, we first mine the common abbreviation patterns used in institutional domain names, and generate potential AbbrevSquatting domain names with a data set of authoritative domains. Then, we check the maliciousness of generated domains with a public API and seven different blacklists, and group the domains into several categories with crawled data. Through a series of manual and automated experiments, we discover that attackers have already been aware of the principles of AbbrevSquatting and are monetizing them in various unethical and illegal ways. Our results suggest that AbbrevSquatting is a real problem that requires more attentions from security communities and institutions’ registrars.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter DomainObserver: A Lightweight Solution for Detecting Malicious Domains Based on Dynamic Time Warping

next chapter Large Scale Retrieval of Social Network Pages by Interests of Their Followers

https://pypi.python.org/pypi/pinyin.

http://fanyi-api.baidu.com/api/trans/product/index.

https://pypi.python.org/pypi/jieba/.

Anticybersquatting Consumer Protection Act - Wikipedia. https://en.wikipedia.org/wiki/Anticybersquatting_Consumer_Protection_Act

Janos, S., Balazs, K., Gabor, C., Jonathan, S., Mark, F., Chris, K.: The long “Taile” of typosquatting domain names. In: Proceedings of USENIX Security Symposium (USENIXSecurity), pp. 191–206 (2014)

Agten, P., Joosen, W., Piessens, F., Nikiforakis, N.: Seven months’ worth of mistakes: a longitudinal study of typosquatting abuse. In: Proceedings of Network and Distributed System, Security Symposium (NDSS) (2015)

Mohammad, T.K., Huo, X., Li, Z., Kanich, C.: Every second counts: quantifying the negative externalities of cybercrime via typosquatting. In: Proceedings of IEEE Symposium on Security and Privacy (2015)

Dinaburg, A.: Bitsquatting: DNS hijacking without exploitation. In: Proceedings of BlackHat Security (2011)

Nikiforakis, N., Van Acker, S., Meert, W., Desmet, L., Piessens, F., Joosen, W.: Bitsquatting: exploiting bit-flips for fun, or profit? In: Proceedings of International Conference on World Wide Web, pp. 989–998 (2013)

Evgeniy, G., Alex, G.: The homograph attack. Commun. ACM 45(2), 128 (2002)

Holgers, T., Watson, D.E., Gribble, S.D.: Cutting through the confusion: a measurement study of homograph attacks. In: Proceedings of USENIX Annual Technical Conference, pp. 261–266 (2006)

Nikiforakis, N., Balduzzi, M., Desmet, L., Piessens, F., Joosen, W.: Soundsquatting: uncovering the use of homophones in domain squatting. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 291–308. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13257-0_17CrossRef

10.

Panagiotis, K., Najmeh, M., Charles, L., Chen, Y., et al.: Hiding in plain sight: a longitudinal study of combosquatting abuse. In: Proceedings of CCS, pp. 569–586 (2017)

11.

VirusTotal. https://www.virustotal.com

12.

Malware Domain List. https://www.malwaredomainlist.com

13.

Ransomware Domain Blocklist. https://ransomwaretracker.abuse.ch

14.

Monitor Malicious Executable Urls. http://www.urlvir.com/export-hosts/

15.

ZeuS Tracker: ZeuS Blocklist. https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

16.

NoThink! http://www.nothink.org/blacklist/blacklist_malware_dns.txt

17.

joewein.de LLC. http://www.joewein.net/dl/bl/dom-bl.txt

18.

DNS-BH. http://www.malwaredomains.com

19.

Wang, Y.-M., Beck, D., Wang, J., Verbowski, C., Daniels, B.: Strider typo-patrol: discovery and analysis of systematic typo-squatting. In: Proceedings of SRUTI, pp. 31–36 (2006)

20.

Moore, T., Edelman, B.: Measuring the perpetrators and funders of typosquatting. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 175–191. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_15CrossRef

21.

Vissers, T., Joosen, W., Nikiforakis, N.: Parking sensors: analyzing and detecting parked domains. In: Proceedings of NDSS (2015)

22.

Edelman, B.: Large-scale registration of domains with typographical errors (2003). http://cyber.harvard.edu/archived_content/people/edelman/typo-domains/

23.

Coull, S.E., White, A.M., Yen, T.-F., Monrose, F., Reiter, M.K.: Understanding domain registration abuses. In: Rannenberg, K., Varadharajan, V., Weber, C. (eds.) SEC 2010. IAICT, vol. 330, pp. 68–79. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15257-3_7CrossRef

24.

Report. http://news.xinhuanet.com/politics/2015-07/23/c_1116010850.htm

Title: You Have More Abbreviations Than You Know: A Study of AbbrevSquatting Abuse
Authors: Pin Lv
Jing Ya
Tingwen Liu
Jinqiao Shi
Binxing Fang
Zhaojun Gu
Publisher: Springer International Publishing
Book: Computational Science – ICCS 2018
Print ISBN: 978-3-319-93697-0

Electronic ISBN: 978-3-319-93698-7

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-93698-7_17

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner