research-article

Public Access

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

Authors:
Panagiotis Kintis

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Najmeh Miramirkhani

Stony Brook University, Brookhaven, NY, USA

Stony Brook University, Brookhaven, NY, USA
View Profile

,
Charles Lever

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Yizheng Chen

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Rosa Romero-Gómez

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

,
Nikolaos Pitropakis

London South Bank University, London, United Kingdom

London South Bank University, London, United Kingdom
View Profile

,
Nick Nikiforakis

Stony Brook University, Brookhaven, NY, USA

Stony Brook University, Brookhaven, NY, USA
View Profile

,
Manos Antonakakis

Georgia Institute of Technology, Atlanta, GA, USA

Georgia Institute of Technology, Atlanta, GA, USA
View Profile

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications SecurityOctober 2017Pages 569–586https://doi.org/10.1145/3133956.3134002

Published:30 October 2017Publication History

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Pages 569–586

ABSTRACT

Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records - collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community.

Supplemental Material

References

2008. Combosquatting: The Business of Cybersquatting. In FairWinds Partners, LLC.Google Scholar
2015. Domain Blacklist: driveby. http://www.blade-defender.org/ eval-lab/. (2015).Google Scholar
2016. Domain Blacklist: abuse.ch. http://www.abuse.ch/. (2016).Google Scholar
2016. Domain Blacklist: Blackhole DNS. http://www.malwaredomains.com/ wordpress/?page_id=6. (2016).Google Scholar
2016. Domain Blacklist: hphosts. http://hosts-file.net/'s=Download. (2016).Google Scholar
2016. Domain Blacklist: itmate. http://vurl.mysteryfcm.co.uk/. (2016).Google Scholar
2016. Domain Blacklist: sagadc. http://dns-bh.sagadc.org/. (2016).Google Scholar
2016. Domain Blacklist: SANS. https://isc.sans.edu/suspicious_domains. html. (2016).Google Scholar
2016. Malware Domain List. http://www.malwaredomainlist.com/forums/ index.php?topic=3270.0. (2016).Google Scholar
2017. Certificate Transparency. https://www.certificate-transparency. org. (2017).Google Scholar
Josh Aas. 2015. Let's Encrypt: The CA's Role in Fighting Phishing and Malware. https://letsencrypt.org/2015/10/29/phishing-and-malware. html. (2015).Google Scholar
ACPA 1999. Anticybersquatting Consumer Protection Act (ACPA). http://www. patents.com/acpa.htm. (November 1999).Google Scholar
Agten, Pieter and Joosen, Wouter and Piessens, Frank and Nikiforakis, Nick. 2015. Seven months' worth of mistakes: A longitudinal study of typosquatting abuse. In Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015). Internet Society. Google ScholarCross Ref
Alexa. 2016. The Web Information Company. http://www.alexa.com/. (2016).Google Scholar
AllSlang. 2016. Slang Dictionary - Text Slang & Internet Slang Words. http: //www.noslang.com/dictionary/. (2016).Google Scholar
AllSlang. 2016. Swear Word List & Curse Filter. http://www.noswearing.com/ dictionary. (2016).Google Scholar
Anton Cherepanov. 2014. ScanBox framework -- who's affected, and who's using it? http://2014.zeronights.org/assets/files/slides/roaming_tiger_ zeronights_2014.pdf. (July 2014).Google Scholar
Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, and Nick Feamster. 2010. Building a Dynamic Reputation System for DNS. In the Proceedings of 19th USENIX Security Symposium (USENIX Security '10) .Google Scholar
Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, and David Dagon. 2011. Detecting Malware Domains in the Upper DNS Hierarchy. In the Proceedings of 20th USENIX Security Symposium (USENIX Security '11).Google Scholar
Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, and David Dagon. 2012. From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware. In the Proceedings of 21th USENIX Security Symposium (USENIX Security '12).Google Scholar
Asert. 2014. Illuminating the Etumbot APT Backdoor. https://github.com/kbandla/APTnotes/blob/master/2014/ ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT. pdf. (June 2014).Google Scholar
Asert. 2016. The Four Element Sword Engagement. https://www. arbornetworks.com/blog/asert/four-element-sword-engagement/. (April 2016).Google Scholar
Asert. 2016. Uncovering the Seven Pointed Dagger Discovery of the Trochilus RAT and Other Targeted Threats. https://goo.gl/zMbqpA. (January 2016).Google Scholar
Athanasios Kountouras and Panagiotis Kintis and Chaz Lever and Yizheng Chen and Yacin Nadji and David Dagon and Manos Antonakakis and Rodney Joffe. 2016. Enabling Network Security Through Active DNS Datasets. In Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19--21, 2016, Proceedings. 188--208. https://doi.org/10. 1007/978-3-319-45719-2_9Google Scholar
Leyla Bilge, Engin Kirda, Christopher Kruegel, and Marco Balduzzi. 2011. EXPO- SURE: Finding Malicious Domains Using Passive DNS Analysis. In Proceedings of NDSS.Google Scholar
Bitdefender. 2013. A Closer Look at MiniDuke. https://labs.bitdefender. com/wp-content/uploads/downloads/2013/04/MiniDuke_Paper_Final. pdf. (May 2013).Google Scholar
CHECK POINT SOFTWARE TECHNOLOGIES. 2015. ROCKET KIT TEN: A CAM- PAIGN WITH 9 LIVES. http://blog.checkpoint.com/wp-content/uploads/ 2015/11/rocket-kitten-report.pdf. (November 2015).Google Scholar
Chen, Yizheng and Kintis, Panagiotis and Antonakakis, Manos and Nadji, Yacin and Dagon, David and Lee, Wenke and Farrell, Michael. 2016. Financial Lower Bounds of Online Advertising Abuse. In Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment-Volume 9721. Springer-Verlag New York, Inc., 231--254. Google ScholarDigital Library
Jason W Clark and Damon McCoy. 2013. There Are No Free iPads: An Analysis of Survey Scams as a Business.. In LEET.Google Scholar
Cylance. 2016. OPERATION DUST STORM. https://www.cylance.com/ hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_ Storm_Report.pdf?t=1477417126448. (February 2016).Google Scholar
Artem Dinaburg. 2011. Bitsquatting: DNS Hijacking without Exploitation. In Proceedings of BlackHat Security.Google Scholar
dmoz. 2016. DMOZ - the Open Directory Project. http://www.dmoz.org. (2016).Google Scholar
Edelman, Benjamin. 2003. Large-scale registration of domains with typographical errors. Harvard University (2003).Google Scholar
Fidelis Threat Research Team. 2016. Turbo Twist: Two 64-bit Derusbi Strains Converge. http://www.threatgeek.com/2016/05/ turbo-twist-two-64-bit-derusbi-strains-converge.html. (May 2016).Google Scholar
FireEye. 2013. OPERATION SAFFRON ROSE. https://www.fireeye. com/content/dam/fireeye-www/global/en/current-threats/pdfs/ rpt-operation-saffron-rose.pdf. (May 2013).Google Scholar
FireEye. 2013. SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye. https://www.fireeye.com/content/dam/fireeye-www/ global/en/current-threats/pdfs/rpt-malware-supply-chain.pdf. (No- vember 2013).Google Scholar
FireEye. 2014. Top Words Used in Spear Phishing Attacks. (2014).Google Scholar
G DATA. 2014. OPERATION "TOOHASH" HOW TARGETED ATTACKS WORK. https://public.gdatasoftware.com/Presse/Publikationen/ Whitepaper/EN/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf . (October 2014).Google Scholar
Evgeniy Gabrilovich and Alex Gontmakher. 2002. The homograph attack. Communucations of the ACM 45, 2 (Feb. 2002), 128. https://doi.org/10.1145/ 503124.503156Google Scholar
Garera, Sujata and Provos, Niels and Chew, Monica and Rubin, Aviel D. 2007. A framework for detection and measurement of phishing attacks. In Proceedings of the 2007 ACM workshop on Recurring malcode. ACM, 1--8. Google ScholarDigital Library
Shuang Hao, Nick Feamster, and Ramakant Pandrangi. 2011. Monitoring the initial DNS behavior of malicious domains. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference. ACM, 269--278. Google ScholarDigital Library
Shuang Hao, Matthew Thomas, Vern Paxson, Nick Feamster, Christian Kreibich, Chris Grier, and Scott Hollenbeck. 2013. Understanding the domain registration behavior of spammers. In Proceedings of the 2013 conference on Internet measurement conference. ACM, 63--76. Google ScholarDigital Library
Hao, Shuang and Kantchelian, Alex and Miller, Brad and Paxson, Vern and Feamster, Nick. 2016. PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1568--1579. Google ScholarDigital Library
Holgers, Tobias and Watson, David E. and Gribble, Steven D. 2006. Cutting through the confusion: a measurement study of homograph attacks. In Proceed- ings of the 2006 USENIX Annual Technical Conference. 1. http://dl.acm.org/ citation.cfm?id=1267359.1267383Google Scholar
INFOSEC CONSORTIUM. 2013. Inside Report -- APT Attacks on Indian Cy- ber Space. http://ver007.com/tools/APTnotes/2013/Inside_Report_by_ Infosec_Consortium.pdf. (August 2013).Google Scholar
Jakobsson, Markus. 2007. The human factor in phishing. Privacy & Security of Consumer Information 7, 1 (2007), 1--19.Google Scholar
Jakobsson, Markus and Tsow, Alex and Shah, Ankur and Blevis, Eli and Lim, Youn- Kyung. 2007. What instills trust? a qualitative study of phishing. In Financial Cryptography and Data Security. Springer, 356--361.Google Scholar
Janos Szurdi and Balazs Kocso and Gabor Cseh and Jonathan Spring and Mark Felegyhazi and Chris Kanich. 2014. The Long "Taile" of Typosquatting Domain Names. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX As- sociation, San Diego, CA, 191--206. https://www.usenix.org/conference/ usenixsecurity14/technical-sessions/presentation/szurdiGoogle Scholar
JPCERT/CC. 2016. Asruex: Malware Infecting through Shortcut Files. http://blog.jpcert.or.jp/2016/06/ asruex-malware-infecting-through-shortcut-files.html. (June 2016).Google Scholar
Kaspersky. 2013. THE "ICEFOG" APT: A TALE OF CLOAK AND THREE DAGGERS. https://kasperskycontenthub.com/wp-content/uploads/sites/ 43/vlpdfs/icefog.pdf. (September 2013).Google Scholar
Kaspersky. 2015. CARBANAK APT THE GREAT BANK ROBBERY. https:// securelist.com/files/2015/02/Carbanak_APT_eng.pdf. (February 2015).Google Scholar
Kaspersky Lab. 2014. DARKHOTEL INDICATORS OF COMPROMISE. https:// securelist.com/files/2014/11/darkhotelappendixindicators_kl.pdf. (November 2014).Google Scholar
Kaspersky Lab. 2014. The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros. https://cdn.securelist.com/files/2014/08/KL_ Epic_Turla_Technical_Appendix_20140806.pdf . (August 2014).Google Scholar
Khan, Mohammad Taha and Huo, Xiang and Li, Zhou and Kanich, Chris. 2015. Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting. In Proceedings of the 36th IEEE Symposium on Security and Privacy. Google ScholarDigital Library
Kreibich, Christian and Kanich, Chris and Levchenko, Kirill and Enright, Brandon and Voelker, Geoffrey M and Paxson, Vern and Savage, Stefan. 2008. On the Spam Campaign Trail. LEET 8, 2008 (2008), 1--9.Google Scholar
Let's Encrypt. 2017. Let's Encrypt -- Free SSL/TLS Certificates. https: //letsencrypt.org. (2017).Google Scholar
Lever, Chaz and Walls, Robert and Nadji, Yacin and Dagon, David and McDaniel, Patrick and Antonakakis, Manos. 2016. Domain-Z: 28 Registrations Later. (2016).Google Scholar
Liu, Daiping and Hao, Shuai and Wang, Haining. 2016. All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1414--1425. Google ScholarDigital Library
Ma, Justin and Saul, Lawrence K and Savage, Stefan and Voelker, Geoffrey M. 2009. Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs. In Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD). Google ScholarDigital Library
Marczak, William R and Scott-Railton, John and Marquis-Boire, Morgan and Paxson, Vern. 2014. When governments hack opponents: A look at actors and technology. In 23rd USENIX Security Symposium (USENIX Security 14). 511--525.Google Scholar
Microsoft. 2015. Microsoft Security Intelligence Report Volume 19 | January through June, 2015. http://download.microsoft.com/download/ 4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft_Security_ Intelligence_Report_Volume_19_English.pdf. (June 2015).Google Scholar
Miramirkhani, Najmeh and Starov, Oleksii and Nikiforakis, Nick. 2017. Dial One for Scam: A Large-Scale Analysis of Technical Support Scams. In Proceedings of the 24th Network and Distributed System Security Symposium (NDSS 2017). Internet Society. Google ScholarCross Ref
P.V. Mockapetris. 1983. Domain names: Concepts and facilities. RFC 882. (Nov. 1983). http://www.ietf.org/rfc/rfc882.txt Obsoleted by RFCs 1034, 1035, updated by RFC 973.Google ScholarDigital Library
P.V. Mockapetris. 1983. Domain names: Implementation specification. RFC 883. (Nov. 1983). http://www.ietf.org/rfc/rfc883.txt Obsoleted by RFCs 1034, 1035, updated by RFC 973.Google ScholarDigital Library
P.V. Mockapetris. 1987. Domain names - concepts and facilities. RFC 1034 (INTERNET STANDARD). (Nov. 1987). http://www.ietf.org/rfc/rfc1034. txt Updated by RFCs 1101, 1183, 1348, 1876, 1982, 2065, 2181, 2308, 2535, 4033, 4034, 4035, 4343, 4035, 4592, 5936.Google Scholar
P.V. Mockapetris. 1987. Domain names - implementation and specification. RFC 1035 (INTERNET STANDARD). (Nov. 1987). http://www.ietf.org/rfc/ rfc1035.txtGoogle Scholar
Tyler Moore and Benjamin Edelman. 2010. Measuring the Perpetrators and Funders of Typosquatting. In Financial Cryptography and Data Security, Vol. 6052. 175--191. Google ScholarDigital Library
Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, and Wouter Joosen. 2013. Bitsquatting: Exploiting bit-flips for fun, or profit?. In WWW'13. 989--998.Google Scholar
Nikiforakis, Nick and Balduzzi, Marco and Desmet, Lieven and Piessens, Frank and Joosen, Wouter. 2014. Soundsquatting: Uncovering the use of homophones in domain squatting. In Information Security. Springer, 291--308. Google ScholarCross Ref
Nikiforakis, Nick and Van Acker, Steven and Meert, Wannes and Desmet, Lieven and Piessens, Frank and Joosen, Wouter. 2013. Bitsquatting: Exploiting bit-flips for fun, or profit?. In Proceedings of the 22nd international conference on World Wide Web. ACM, 989--998. Google ScholarDigital Library
pwc. 2014. ScanBox framework -- who's affected, and who's using it? http://pwc.blogs.com/cyber_security_updates/2014/10/ scanbox-framework-whos-affected-and-whos-using-it-1.html.(Octo- ber 2014).Google Scholar
pwc. 2015. Attacks against Israeli & Palestinian interests. http://pwc.blogs.com/cyber_security_updates/2015/04/ attacks-against-israeli-palestinian-interests.html. (April 2015).Google Scholar
pwc. 2015. Cyber Threat Operations Sofacy II-- Same Sofacy, Different Day. http://pwc.blogs.com/files/cto-tib-20150420-01a.pdf. (April 2015).Google Scholar
B. Rahbarinia, R. Perdisci, and M. Antonakakis. 2015. Segugio: Efficient Behavior- Based Tracking of Malware-Control Domains in Large ISP Networks. In Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on. 403--414. https://doi.org/10.1109/DSN.2015.35Google Scholar
root9B. 2015. APT28 targets Financial Markets ROOT9B RELEASES ZERO DAY HASHES. https://www.root9b.com/sites/default/files/whitepapers/ R9b_FSOFACY_0.pdf. (May 2015).Google Scholar
Ryan Kelly. 2016. PyEnchant a spellchecking library for Python. http: //pythonhosted.org/pyenchant/. (2016).Google Scholar
S. Krishnan and F. Monrose. 2011. An empirical study of the performance, security and privacy implications of domain name prefetching. In Dependable Systems Networks (DSN), 2011 IEEE/IFIP 41st International Conference on. 61--72. https://doi.org/10.1109/DSN.2011.5958207Google Scholar
SecureWorks. 2013. Secrets of the Comfoo Masters. https://www.secureworks. com/research/secrets-of-the-comfoo-masters. (July 2013).Google Scholar
Segaran, Toby and Hammerbacher, Jeff. 2009. Beautiful data: the stories behind elegant data solutions. " O'Reilly Media, Inc.".Google Scholar
Snyder, Peter and Kanich, Chris. 2015. No please, after you: Detecting fraud in affiliate marketing networks. In Proceedings of the Workshop on the Economics of Information Security (WEIS).Google Scholar
SOWPODS. 2016. SOWPODS Scrabble Word List. https://www.wordgamedictionary.com/sowpods/. (2016).Google Scholar
Symantec. 2013. Comment Crew: Indicators of Compromise. https://www.symantec.com/content/en/us/enterprise/media/security_ response/whitepapers/comment_crew_indicators_of_compromise.pdf. (February 2013).Google Scholar
Symantec. 2013. Hidden Lynx -- Professional Hackers for Hire. http://www.symantec.com/content/en/us/enterprise/media/security_ response/whitepapers/hidden_lynx.pdf. (September 2013).Google Scholar
Symantec. 2016. A Closer Look at MiniDuke. https://www.symantec.com/ connect/blogs/indian-organizations-targeted-suckfly-attacks. (May 2016).Google Scholar
TrendMicro. 2011. THE "LURID" DOWNLOADER. http://la.trendmicro.com/media/misc/lurid-downloader-enfal-report-en.pdf. (September 2011).Google Scholar
TrendMicro. 2014. 2Q Report on Targeted Attack Campaigns. http://la. trendmicro.com/media/misc/lurid-downloader-enfal-report-en.pdf. (January 2014).Google Scholar
TrendMicro. 2016. Looking Into a Cyber-Attack Facilitator in the Netherlands. http://documents.trendmicro.com/assets/appendix_ looking-into-a-cyber-attack-facilitator-in-the-netherlands.pdf. (April 2016).Google Scholar
TrendMicro. 2016. Securing Your Journey to the Cloud. http://www.trendmicro.com/. (2016).Google Scholar
Thomas Vissers, Wouter Joosen, and Nick Nikiforakis. 2015. Parking Sensors: Analyzing and Detecting Parked Domains. In Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS). Google ScholarCross Ref
Wang, Yi-Min and Beck, Doug and Wang, Jeffrey and Verbowski, Chad and Daniels, Brad. 2006. Strider Typo-Patrol: Discovery and Analysis of Systematic Typo-Squatting. SRUTI 6 (2006), 31--36.Google Scholar
F. Weimer. 2005. Passive DNS Replication. In Proceedings of FIRST Conference on Computer Security Incident. Hand ling, Singapore.Google Scholar
Y. Chen and M. Antonakakis and R. Perdisci and Y. Nadji and D. Dagon and W. Lee. 2014. DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic. In Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on. 598--609. https://doi.org/10. 1109/DSN.2014.61Google Scholar

Index Terms

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation
    2. Social engineering attacks
  2. Network security
    1. Security protocols

Recommendations

Hiding in plain sight: an empirical study of web application abuse in malware
SEC '23: Proceedings of the 32nd USENIX Conference on Security Symposium

Web applications provide a wide array of utilities that are abused by malware as a replacement for traditional attacker-controlled servers. Thwarting these Web App-Engaged (WAE) malware requires rapid collaboration between incident responders and web app ...
Read More
Hiding in plain sight: characterizing and detecting malicious Facebook pages
ASONAM '16: Proceedings of the 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining

Facebook is the world's largest Online Social Network, having more than 1 billion users. Like most other social networks, Facebook is home to various categories of hostile entities who abuse the platform by posting malicious content. In this paper, we ...
Read More
DGA-based malware detection using DNS traffic analysis
RACS '19: Proceedings of the Conference on Research in Adaptive and Convergent Systems

A large number of malicious software communicate with C & C (Command and Control) servers to download resources for malicious actions or to receive commands to perform desired attacks. Malware needs to know C & C servers' IP addresses to communicate ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
October 2017
2682 pages
ISBN:9781450349468
DOI:10.1145/3133956
General Chair:
Bhavani Thuraisingham
The University of Texas at Dallas, USA
,
Program Chairs:
David Evans
University of Virginia
,
Tal Malkin
Columbia University
,
Dongyan Xu
Purdue University
Copyright © 2017 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 30 October 2017
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
combosquatting
domain name system
domain squatting
network security
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '17 Paper Acceptance Rate151of836submissions,18%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 68
  Total Citations
  View Citations
- 2,028
  Total Downloads
- Downloads (Last 12 months)589
- Downloads (Last 6 weeks)100
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Hiding in plain sight: an empirical study of web application abuse in malware

Hiding in plain sight: characterizing and detecting malicious Facebook pages

DGA-based malware detection using DNS traffic analysis

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Hiding in plain sight: an empirical study of web application abuse in malware

Hiding in plain sight: characterizing and detecting malicious Facebook pages

DGA-based malware detection using DNS traffic analysis

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media