More Web Proxy on the site http://driver.im/

research-article

Large-Scale Analysis of Pop-Up Scam on Typosquatting URLs

Authors:

Lukas Daniel Klausner,

Sebastian SchrittwieserAuthors Info & Claims

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

Article No.: 53, Pages 1 - 9

https://doi.org/10.1145/3339252.3340332

Published: 26 August 2019 Publication History

Abstract

Today, many different types of scams can be found on the internet. Online criminals are always finding new creative ways to trick internet users, be it in the form of lottery scams, downloading scam apps for smartphones or fake gambling websites. This paper presents a large-scale study on one particular delivery method of online scam: pop-up scam on typosquatting domains. Typosquatting describes the concept of registering domains which are very similar to existing ones while deliberately containing common typing errors; these domains are then used to trick online users while under the belief of browsing the intended website. Pop-up scam uses JavaScript alert boxes to present a message which attracts the user's attention very effectively, as they are a blocking user interface element.

Our study among typosquatting domains derived from the Alexa Top 1 Million list revealed on 8 255 distinct typosquatting URLs a total of 9 857 pop-up messages, out of which 8 828 were malicious. The vast majority of those distinct URLs (7 176) were targeted and displayed pop-up messages to one specific HTTP user agent only. Based on our scans, we present an in-depth analysis as well as a detailed classification of different targeting parameters (user agent and language) which triggered varying kinds of pop-up scams.

References

[1]

Sherly Abraham and InduShobha Chengalur-Smith. 2010. An Overview of Social Engineering Malware: Trends, Tactics, and Implications. Technol. Soc. 32, 3 (2010), 183--196.

[2]

Alexa Internet, Inc. 2019. Alexa Top 1,000,000 Sites. (2019). http://s3.amazonaws.com/alexa-static/top-1m.csv.zip

[3]

Yao-Ping Chou, Shi-Jinn Horng, Hung-Yan Gu, Cheng-Ling Lee, Yuan-Hsin Chen, and Yi Pan. 2008. Detecting Pop-Up Advertisement Browser Windows Using Support Vector Machines. J. Chin. Inst. Eng. 31, 7 (2008), 1189--1198.

[4]

Artem Dinaburg. 2011. Bitsquatting: DNS Hijacking without Exploitation. (2011). http://dinaburg.org/bitsquatting.html (presented at BlackHat Security 2011).

[5]

Benjamin Edelman. 2003. Large-Scale Registration of Domains with Typographical Errors. (2003). (unpublished).

[6]

Dara B. Gilwit. 2003. The Latest Cybersquatting Trend: Typosquatters, Their Changing Tactics, and How to Prevent Public Deception and Trademark Infringement. Wash. U. J. L. & Pol'y 11 (2003), 267--294. https://openscholarship.wustl.edu/law_journal_law_policy/vol11/iss1/11

[7]

Saul Hansell. 2004. As Consumers Revolt, a Rush to Block Pop-Up Online Ads. The New York Times (19 Jan 2004), C00001. https://www.nytimes.com/2004/01/19/business/as-consumers-revolt-a-rush-to-block-pop-up-online-ads.html

[8]

Tobias Holgers, David E. Watson, and Steven D. Gribble. 2006. Cutting Through the Confusion: A Measurement Study of Homograph Attacks. In Proceedings of the Annual Conference on USENIX '06 Annual Technical Conference (Annual Tech '06). USENIX Association, Berkeley, CA, United States, 261--266. https://www.usenix.org/legacy/events/usenix06/tech/holgers.html

Digital Library

[9]

Panagiotis Kintis, Najmeh Miramirkhani, Charles Lever, Yizheng Chen, Rosa Romero-Gómez, Nikolaos Pitropakis, Nick Nikiforakis, and Manos Antonakakis. 2017. Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17). ACM, New York, NY, United States, 569--586.

Digital Library

[10]

Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, and Christian Platzer. 2014. ANDRUBIS -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014). IEEE Computer Society, Washington, DC, United States, 3--17.

Digital Library

[11]

Baojun Liu, Chaoyi Lu, Zhou Li, Ying Liu, Haixin Duan, Shuang Hao, and Zaifeng Zhang. 2018. A Reexamination of Internationalized Domain Names: The Good, the Bad and the Ugly. In 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018). IEEE Computer Society, Washington, DC, United States, 654--665.

[12]

Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis. 2016. Dial One for Scam: A Large-Scale Analysis of Technical Support Scams. In 24th Network and Distributed System Security Symposium (NDSS 2017). Internet Society, Reston, VA, United States, 1--15.

[13]

Rami M. Mohammad, T. L. McCluskey, and Fadi Abdeljaber Thabtah. 2013. Predicting Phishing Websites using Neural Network trained with Back-Propagation. In Proceedings of the 2013 World Congress in Computer Science, Computer Engineering, and Applied Computing (WORLD-COMP'13). 682--686. http://eprints.hud.ac.uk/id/eprint/18246/

[14]

Rami M. Mohammad, Fadi Abdeljaber Thabtah, and Lee McCluskey. 2014. Predicting Phishing Websites Based on Self-Structuring Neural Network. Neural Comput. Appl. 25, 2 (2014), 443--458.

Digital Library

[15]

Nick Nikiforakis, Marco Balduzzi, Lieven Desmet, Frank Piessens, and Wouter Joosen. 2014. Soundsquatting: Uncovering the Use of Homophones in Domain Squatting. In Information Security (ISC 2014, Lecture Notes in Computer Science 8783). Springer International Publishing, Cham, Switzerland, 291--308.

[16]

Nick Nikiforakis, Luca Invernizzi, Alexandros Kapravelos, Steven Van Acker, Wouter Joosen, Christopher Kruegel, Frank Piessens, and Giovanni Vigna. 2012. You Are What You Include: Large-Scale Evaluation of Remote JavaScript Inclusions. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12). ACM, New York, NY, United States, 736--747.

Digital Library

[17]

Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, and Wouter Joosen. 2013. Bitsquatting: Exploiting Bit-Flips for Fun, or Profit?. In Proceedings of the 22nd International Conference on World Wide Web (WWW '13). ACM, New York, NY, United States, 989--998.

Digital Library

[18]

Tianrui Peng, Ian Harris, and Yuki Sawa. 2018. Detecting Phishing Attacks Using Natural Language Processing and Machine Learning. In 12th IEEE International Conference on Semantic Computing (ICSC 2018). IEEE Computer Society, Washington, DC, United States, 300--301.

[19]

Julian Rauchberger, Sebastian Schrittwieser, Tobias Dam, Robert Luh, Damjan Buhov, Gerhard Pötzelsberger, and Hyoungshick Kim. 2018. The Other Side of the Coin: A Framework for Detecting and Analyzing Web-Based Cryptocurrency Mining Campaigns. In Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018). ACM, New York, NY, United States, Article 18, 10 pages.

Digital Library

[20]

Shelly Rodgers and Esther Thorson. 2000. The Interactive Advertising Model: How Users Perceive and Process Online Ads. J. Interact. Advert. 1, 1 (2000), 41--60.

[21]

Mike Schiffman. 2018. Farsight Security Global Internationalized Domain Name Homograph Report Q2/2018. (2018). https://info.farsightsecurity.com/farsight-idn-research-report (unpublished).

[22]

David Sharek, Cameron Swofford, and Michael Wogalter. 2008. Failure to Recognize Fake Internet Popup Warning Messages. Proc. Hum. Factors Ergon. Soc. Annu. Meet. 52, 6 (2008), 557--560.

[23]

Min Zheng, Hui Xue, Yulong Zhang, Tao Wei, and John C. S. Lui. 2015. Enpublic Apps: Security Threats Using iOS Enterprise and Developer Certificates. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS '15). ACM, New York, NY, United States, 463--474.

Digital Library

Cited By

Lepipas ABorovykh ADemetriou SQuek TGao DZhou JCardenas A(2024)Username Squatting on Online Social Networks: A Study on XProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637637(621-637)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637637
Kotzias PRoundy KPachilakis MSanchez-Rola IBilge L(2023)Scamdog Millionaire: Detecting E-commerce Scams in the WildProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627184(29-43)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627184
Koide TFukushi NNakano HChiba D(2023)PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain NamesProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627111(1-13)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627111
Show More Cited By

Recommendations

How Experts Detect Phishing Scam Emails
CSCW

Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails ...
Email typosquatting
IMC '17: Proceedings of the 2017 Internet Measurement Conference

While website domain typosquatting is highly annoying for legitimate domain operators, research has found that it relatively rarely presents a great risk to individual users. However, any application (e.g., email, ftp,...) relying on the domain name ...
A phishing analysis of web based systems
ICCCS '11: Proceedings of the 2011 International Conference on Communication, Computing & Security

Phishing is form of identity theft that uses the social engineering techniques and sophisticated attack vectors to harvest financial information from unsuspecting consumers. It is a kind of attack in which phishers use spoofed emails and fraudulent web ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

August 2019

979 pages

ISBN:9781450371643

DOI:10.1145/3339252

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 August 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Christian Doppler Forschungsgesellschaft
Bundesministerium für Digitalisierung und Wirtschaftsstandort
Österreichische Forschungsförderungsgesellschaft

Conference

ARES '19

ARES '19: 14th International Conference on Availability, Reliability and Security

August 26 - 29, 2019

CA, Canterbury, United Kingdom

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
298
Total Downloads

Downloads (Last 12 months)64
Downloads (Last 6 weeks)6

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lepipas ABorovykh ADemetriou SQuek TGao DZhou JCardenas A(2024)Username Squatting on Online Social Networks: A Study on XProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637637(621-637)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637637
Kotzias PRoundy KPachilakis MSanchez-Rola IBilge L(2023)Scamdog Millionaire: Detecting E-commerce Scams in the WildProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627184(29-43)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627184
Koide TFukushi NNakano HChiba D(2023)PhishReplicant: A Language Model-based Approach to Detect Generated Squatting Domain NamesProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627111(1-13)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627111
Xia PWang HYu ZLiu XLuo XXu GTyson GBarakat CPelsser CBenson TChoffnes D(2022)Challenges in decentralized name managementProceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3561469(65-82)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3561469
Hong GYang ZYang SLiaoy XDu XYang MDuan H(2022)Analyzing Ground-Truth Data of Mobile Gambling Scams2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833665(2176-2193)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833665
Teixeira LDe Barros JFernandes BDa Silva C(2022)CatchPhish: Model for detecting homographic attacks on phishing pages2022 International Joint Conference on Neural Networks (IJCNN)10.1109/IJCNN55064.2022.9892525(01-08)Online publication date: 18-Jul-2022
https://doi.org/10.1109/IJCNN55064.2022.9892525
Ou HGuo YHuang CZhao ZGuo WFang YHuang C(2022)No Pie in the Sky: The Digital Currency Fraud Website DetectionDigital Forensics and Cyber Crime10.1007/978-3-031-06365-7_11(176-193)Online publication date: 4-Jun-2022
https://doi.org/10.1007/978-3-031-06365-7_11
Loyola PGajananan KKitahara HWatanabe YSatoh F(2020)Automating Domain Squatting Detection Using Representation Learning2020 IEEE International Conference on Big Data (Big Data)10.1109/BigData50022.2020.9377875(1021-1030)Online publication date: 10-Dec-2020
https://doi.org/10.1109/BigData50022.2020.9377875

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents