Tim Lince

A new study from cyber-operations platform Endgame has revealed at least one major typosquatting campaign, targeting hundreds of the world’s leading brands, using Oman’s national top-level domain, ‘.om’. The research, which looked at thousands of the most visited domains, also reveals that most brand-related ‘.om’ domains remain unregistered and are therefore vulnerable to use in malicious typosquatting operations.

The increasingly sophisticated methods that typosquatters are implementing was highlighted in a study last year, which looked at the 500 most popular websites (based on Alexa rankings) over seven months. That research revealed that over 95% of the domains were “actively targeted” by typosquatters for purposes including ad parking (in half of cases), affiliate abuse, adult content or hosting malware. The data, noted one of the co-authors of the study, demonstrated that typosquatting is “alive and well” and broadening in scope.

It is an issue that brands are all too acutely aware of. Digital enforcement to protect against domain squatters targeting users who misspell a web address therefore usually results in brands buying up additional domains related to its primary domain string, most commonly in ‘.com’. For example, if a user accidentally types in ‘googel.com’, ‘goolge.com’ or ‘gogole.com’, they will find themselves automatically redirected to the ‘google.com’ homepage.

However, new research has highlighted the typosquatting threat in the often overlooked ‘.om’ string. Conducted by Endgame at the beginning of this month, the research looked at the 5,000 most popular domains globally to see if the brand name resolved to either a ‘[brand].om’ or ‘[brand]c.om’ domain. Of those studied, 334 domains are currently active websites. Of those, just 15 of those were registered by the legitimate brand owner (including ‘pizzahut.om’, ‘icloud.om’ and ‘bbc.om’). The rest, it appears, are registered by third parties. Many are also still available – for instance, to return to the Google example, if a user enters ‘googlec.om’ or ‘google.om’, they do not currently resolve.

Of the third party brand-related ‘.om’ registrations, the research discovered that a large majority had been registered by a small number of individuals or entities. For example, one individual has registered 96 of the domains (including ‘bankofamerica.om’ and ‘youtube.om’), while another has registered 80 (including ‘googlec.om’ and ‘baidu.om’).

As to the use of such third party registrations, it appears that there are large scale, targeted typosquatting campaigns being conducted on the ‘.om’ ccTLD, with many domains redirecting visitors to adware sites or attempting to trick users into installing malicious software. While the study’s authors note that “the current typosquatting campaign is a relatively unsophisticated effort”, from a traffic point-of-view it states: “The actors behind this typosquatting attack have been quite successful. There are at least thousands of queries per day to the malicious ‘.om’ domains from different recursive DNS resolvers across the world.”

With many active brand-related ‘.om’ domains appear to be used for nefarious purposes, it is a worry that a large majority of the top 5,000 remain up for grabs. The researchers say this is a “concern” because “typosquatters could scoop up many more popular domain names in the ‘.om’ ccTLD” which would “exponentially increase the impact” of their typosquatting campaigns. “Most large companies already have a typosquatting mitigation strategy, [where they] identify domains, register, and control likely domains their customers may accidentally enter. We recommend that companies prioritise adding ‘.om’ registration to protect their reputation, and block known-malicious ‘.om’ domains to protect their enterprise.”

Other ccTLDs have previously appeared on brand owner radars. Colombia’s ‘.co’ and Cameroon’s ‘.cm’ have a high percentage of brand owner registrations (‘google.co’ and ‘google.cm’ both resolve, for example), so ‘.om’ would, in theory, be a relatively straightforward addition to that list.

One consideration that may affect that is price. A search on ‘101domains.com’ suggests that a typical ‘.co’ domain is priced at $29.95 a year, a ‘.cm’ is $108 a year, while a ‘om’ domain is significant higher, at $269 a year. For those with significant brand portfolios, registration costs could soon add up. While the number of strings that brand owners are required to have on their enforcement radar is growing exponentially, budgets are likely not increasing at the same rate. Nonetheless, ‘.om’ should be one to consider. While users will not accidentally find themselves at ‘brand.horse’ or ‘brand.hiphop’, this research shows that thousands are inadvertently visiting ‘brand.om’ sites.


Please log in or register to leave a comment.

There are no comments on this article

Share this article