Developers Club geek daily blog

2 years, 10 months ago
A new kind of cybersquatting has appeared, called soundsquatting. Like other cybersquatting, it consists of the illegitimate use of domain names, but here by means of homophones: words that sound the same but are spelled differently (for example, "eight" and "ate" are written differently but are hard to tell apart by ear). Internet fraudsters, or soundsquatters, pick popular domains and find similar-sounding names for them. The result is websites that are guaranteed traffic thanks to their phonetic similarity to popular resources.

Soundsquatting: a new type of domain fraud

For example, taking the authoritative weather website weatherportal.com, a soundsquatter can register the domain whetherportal.com and thereby capture part of its users, relying on the mistake of typing "whether" instead of "weather". By ear, the two words are alike.

Users are even more confused when the homophone has the same meaning as the word in the original domain. This is what happened to the American bank Guaranty Bank. The website of this financial institution is guarantybanking.com. Soundsquatters deftly rearranged the letters and created the similar-sounding domain name guaranteebanking.com. It is hard to predict which spelling will be chosen by someone who has only just heard of the bank. And having visited the website on the look-alike domain, an unsophisticated user may not even notice the trick. The look-alike website may have no design and no proper navigation, and it may look strange, yet it actually offers banking services.

The soundsquatting problem is becoming strategically important as the mobile Internet audience keeps growing and many applications with voice recognition appear. The number of devices that convert text to speech (smartphones, tablets, smartwatches, etc.) is also growing.

Specialists began by analyzing the first 15 000 domains; more than 10 000 of them are potentially vulnerable to the new type of deception. For 3000 domain names, similar-sounding doubles are already registered. Every third of these is filled with harmful content, viruses or advertising. Soundsquatters use such domains for different purposes: showing advertising, stealing traffic from the legitimate owners, carrying out phishing attacks, stealing personal data, and delivering malicious software to unsuspecting users.

The first to be hit are people with poor eyesight, who depend directly on the audio output of an application or device. Users with hearing problems are no less vulnerable. Even a person with good hearing will not always hear the difference between the original domain name and a similar-sounding one (for example, idle, idol or idyll).


The victims of soundsquatting also include users who work with audio applications and who, for various reasons, cannot properly interact with computers and other Internet devices without assistive technologies. For someone using software that reads text aloud, a malicious similar-sounding domain will be almost identical to the real one.

A company that collects website traffic statistics analyzed the ranking of the top 10 000 websites. As a result, 8480 domain names vulnerable to soundsquatting were identified. Of these, 1823 (22%) are soundsquatting domains that are already registered. They were used to carry out phishing attacks, install malicious software and spread viruses. Some of them placed advertising and, exploiting the popularity of the original domains, stole traffic. The well-known YouTube.com has also been soundsquatted and acquired a double: utube.com. That domain hosts a video website with pop-up advertising.

In total, 1040 of the 1823 registered soundsquatting domains were marked as harmful. In fact, brand owners also register similar-sounding domains themselves (they account for 8.5%). But the truth there is rather more prosaic, and their motives do not harm anyone else.

AutoSS program


How can this problem be dealt with? Unfortunately, there are no automatic methods for identifying soundsquatting yet. It is possible to use the website homophone.com and find the homophones present in domain names manually. But companies are working on tools. AutoSS (AutoSoundSquatter) is expected to appear in the near future: a tool that will automatically generate the various domain names exposed to soundsquatting.


AutoSS will rely on three main components. The first is the list of original domains. The more popular a domain name, the sooner it is at risk. Based on the list of the 10 000 leading websites, AutoSS will generate homophone variants for them. Next, a dictionary of existing words extracted from the domain names is built. For example, for the youtube.com domain, the dictionary drives an exhaustive search for all the words present in it (down to "you" and "tube"). The transformation rules are the final and most important component. They require the database of English homophones available on the website homophone.com.

But AutoSS has shortcomings. It uses an English dictionary to identify the words in domains. For example, for the domain name laredoute.fr (a French online shop), the program will split the domain into the words "lare", "do" and "ute", which is incorrect. On the other hand, versions of the program for other languages will appear over time.
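The three steps described above (domain list, dictionary word search, homophone transformation) and the laredoute.fr limitation can be sketched as follows. This is an added example, not AutoSS code and not part of the original article; the word list and homophone sets are small constructed samples built from pairs that appear on this page, and all function names are hypothetical. It assumes the input is a registrable domain with no subdomain.

```python
# Constructed sample data. AutoSS as described uses a full English dictionary
# and the homophone.com database; these small sets stand in for both.
WORDS = {"you", "tube", "weather", "whether", "portal", "paste", "bin", "been",
         "globe", "and", "the", "mail", "male", "do", "doe", "lare", "ute",
         "8", "eight", "ait"}
HOMOPHONE_SETS = [{"weather", "whether"}, {"bin", "been"}, {"mail", "male"},
                  {"do", "doe"}, {"8", "eight", "ait"}]

# word -> the other members of its homophone set
HOMOPHONES = {w: sorted(s - {w}) for s in HOMOPHONE_SETS for w in s}


def words_in(label):
    """Exhaustive search: every dictionary word at every offset of the label."""
    hits = []
    for start in range(len(label)):
        for end in range(start + 1, len(label) + 1):
            if label[start:end] in WORDS:
                hits.append((start, label[start:end]))
    return hits


def candidates(domain):
    """Soundsquatting candidates: swap one found word for each of its homophones."""
    label, _, tld = domain.lower().partition(".")
    out = set()
    for start, word in words_in(label):
        for alt in HOMOPHONES.get(word, []):
            out.add(label[:start] + alt + label[start + len(word):] + "." + tld)
    return sorted(out)


def flag_observed(protected, observed):
    """Defensive use: map each observed domain to the protected name it imitates."""
    watch = {c: p for p in protected for c in candidates(p)}
    return {d: watch[d.lower()] for d in observed if d.lower() in watch}


if __name__ == "__main__":
    print(words_in("youtube"))            # the "you" + "tube" split from the text
    print(candidates("weatherportal.com"))
    print(candidates("laredoute.fr"))     # English "do" found inside a French name
```

A brand owner can feed `flag_observed` with newly registered or newly resolved domains to see which ones are homophone variants of a protected name; the laredoute.fr result shows why an English-only dictionary produces candidates that are not real homophones in other languages.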

Soundsquatting domains studied to determine user characteristics


| Original domain | Homophone pair | Soundsquatting domain | User requests per month |
|---|---|---|---|
| thefreedictionary.com | { the, thee } | theefreedictionary.com | 283 (39.86%) |
| fc2.com | { 2, too } | fctoo.com | 165 (44.84%) |
| jimdo.com | { do, doe } | jimdoe.com | 150 (38.27%) |
| turbobit.net | { bit, bitt } | turbobitt.net | 132 (36.07%) |
| leboncoin.fr | { coin, quoin } | lebonquoin.fr | 110 (74.32%) |
| adserverplus.com | { ad, add } | addserverplus.com | 98 (60.49%) |
| profitclicking.com | { profit, prophet } | prophetclicking.com | 56 (48.28%) |
| hostgator.com | { gator, gaiter } | hostgaiter.com | 45 (45.92%) |
| sitesell.com | { sell, cel } | sitecel.com | 44 (40.00%) |
| discuz.net | { disc, disk } | diskuz.net | 43 (40.19%) |
| tube8.com | { 8, ait } | tubeait.com | 42 (43.30%) |
| clixsense.com | { sense, scents } | clixscents.com | 40 (44.44%) |
| a8.net | { 8, eight } | aeight.net | 48 (43.24%) |
| newegg.com | { new, gnu } | gnuegg.com | 37 (36.63%) |
| redtubelive.com | { red, read } | readtubelive.com | 44 (51.76%) |
| fiverr.com | { err, air } | fivair.com | 33 (37.93%) |
| exoclick.com | { click, clique } | exoclique.com | 32 (45.71%) |
| theglobeandmail.com | { mail, male } | theglobeandmale.com | 35 (38.46%) |
| pastebin.com | { bin, been } | pastebeen.com | 35 (39.77%) |
| ku6.com | { 6, sics } | kusics.com | 28 (33.33%) |

This article is a translation of the original post at habrahabr.ru/post/272849/