E-mail Typos Grabbed 20 GB of Stolen Data
Researchers revealed a novel Internet cyber squatting attack targeted towards grabbing confidential company information by hijacking e-mails. This typo-squatting domain has enabled hijacking of 20 GB data over a period of six months, reports PC PRO on September 9, 2011.
Typo-squatting can be defined as a very popular phenomenon on the Internet employed for circulating malware. Many a times, users misspell a URL name while typing and thus visit a fake site that impersonates an original site.
In the words of researchers at security Think-Tank, the Godai Group a doppelganger domain is defined as a domain resembling a legitimate and fully qualified domain but missing small typos in the host/sub domain and domain name, which could be used purposefully for malicious purposes," reports news on PC PRO on September 9, 2011.
Researchers also concluded that about 30% of the Fortune 500 companies including IT companies, such as Yahoo, Dell, Cisco, IBM, HP, and IBM were susceptible to this sort of scam.
The prerequisite to combat such dubious attempt requires registering a doppelganger domain and configuring an e-mail server for receiving all correspondence addressed to anyone at that domain. The hijackers convincingly anticipate users to misspell a certain percentage of e-mails sent by people.
For analyzing the vulnerability of such a resolution, researchers set up 30 doppelganger accounts for several firms and established that the accounts had enticed about 120,000 e-mails over a period of 6-months time.
However, the worst part of this thankless job of setting up doppelganger accounts came to fore, when out of 30 companies, only one firm resorted to cope up with the security firm.
Further, the researchers also unveiled that several doppelganger domains had by now registered themselves with some of the largest companies in the US but their entities appeared to be based in China. This suggests that the snoops had by now been using such deceived accounts for intervening valuable corporate communications.
However, researchers recommended companies to purchase such safe domains and safeguard their companies from future illegal interception.
Related article: E-Crime Reporting Format To Be Launched in July
» SPAMfighter News - 20-09-2011