Typo-squatting Just Got A Lot More Dangerous

Presented at DerbyCon 1.0 (2011), Unknown date/time (Unknown duration).

Domain typo-squatting is best known and most commonly used to perform phishing scams or spread malware to people who accidentally misspell legitimate domain names in their Web browser. As widespread and effective as this attack vector is, it is certainly nowhere near the most dangerous use. Recently, during a six-month span, we set up and monitored several “doppelganger domains” simulating a variety of Fortune 500 companies, and we were alarmed by what we found. Over this period we collected over 120,000 individual emails (~20GB of data), which included trade secrets, business invoices, employee PII, network diagrams, usernames and passwords, etc. In this presentation, we will cover a variety of domain typo-squatting attack techniques, show real-world examples of what type of data can be leaked, and discuss methods of protection.


Presenters:

  • Garrett Gee
    Garrett Gee is a penetration tester, researcher, and entrepreneur. He has been in the information security industry for the last 14 years and is an active member of the community. He is an OWASP chapter leader and has authored several tools. In 2001 he developed the first bootable live CD for penetration testing and forensics, called PLAC. He has appeared on several news venues such as 60 Minutes, ABC News, and The Washington Post.
