Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse

Conference item


Kintis, P, Miramirkhani, N, Lever, C, Chen, Y, Romero-Gómez, R, Pitropakis, N, Nikiforakis, N and Antonakakis, M (2017). Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse. Association of Computer Machinery's Computer and Communications Security (ACM CCS) 2017. Dallas, Texas USA 30 Oct - 02 Nov 2017 London South Bank University. doi:10.1145/3133956.3134002
AuthorsKintis, P, Miramirkhani, N, Lever, C, Chen, Y, Romero-Gómez, R, Pitropakis, N, Nikiforakis, N and Antonakakis, M
Abstract

Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records---collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community.

Keywordscs.CR; cs.CR
Year2017
PublisherLondon South Bank University
Digital Object Identifier (DOI)doi:10.1145/3133956.3134002
Accepted author manuscript
License
CC BY 4.0
Publication dates
Print30 Oct 2017
Publication process dates
Deposited27 Jun 2018
Accepted01 Aug 2017
Permalink -

https://openresearch.lsbu.ac.uk/item/86x31

  • 3
    total views
  • 20
    total downloads
  • 0
    views this month
  • 1
    downloads this month

Related outputs

Towards a Security Enabled and SOA-based QoS (for the Smart Grid) Architecture.
Chrysoulas, C and Pitropakis, N (2018). Towards a Security Enabled and SOA-based QoS (for the Smart Grid) Architecture. EAI Endorsed Transactions on Industrial Networks and Intelligent Systems. 4, pp. e4-e4.
The far side of mobile application integrated development environments
Lyvas, C, Pitropakis, N and Lambrinoudakis, C (2016). The far side of mobile application integrated development environments. 13th International Conference Trust, Privacy and Security in Digital Business. Porto, Portugal 07 - 08 Sep 2016 London South Bank University. doi:10.1007/978-3-319-44341-6_8
The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud
Pitropakis, N, Lyvas, C and Lambrinoudakis, C (2017). The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud. The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization. Athens 19 - 21 Feb 2017 London South Bank University.