Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Desktops (Apple) Network Operating Systems Portables (Apple) Security The Internet United States Windows iMac News Technology

Typosquatters Running .om Domain Scam To Push Mac Malware (threatpost.com) 64

msm1267 writes from an article on Threatpost: Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web. According to Endgame security researchers, the top level domain for Middle Eastern country Oman (.om) is being exploited by typosquatters who have registered more than 300 domain names with the .om suffix for U.S. companies and services such as Citibank, Dell, Macys and Gmail. Endgame made the discovery last week and reports that several groups are behind the typosquatter campaigns. Mac OS X users are being singled out in this typosquatting campaign with malware. According to Endgame, when a Mac user stumbles on one of the typosquatters' webpages, a fake Adobe Flash update pops up and attempts to trick users to install the advertising component called Genieo. Endgame suspects that typosquatters are exploiting a hole in Oman's domain name registration process. When Endgame tried to register a domain it was asked to verify that it had the authority to registrar a specific commercial domain. "It's unclear how typosquatters were able to register so many domains in such a short period of time," Endgame said.
This discussion has been archived. No new comments can be posted.

Typosquatters Running .om Domain Scam To Push Mac Malware

Comments Filter:
  • no it's not.
  • Easy fix (Score:4, Insightful)

    by BarbaraHudson ( 3785311 ) <barbara.jane.hud ... minus physicist> on Monday March 14, 2016 @08:37PM (#51697491) Journal
    The easy fix is to switch to a fixed-width, fixed-size font so that things like bankofarnerica don't look like bankofamerica, etc.
    • I hate it when things look like one thing, but actually are another.
    • What about fonts that male I look like L

    • The easy fix is to switch to a fixed-width, fixed-size font so that things like bankofarnerica don't look like bankofamerica, etc.

      No, the easy fix is to never update software from anywhere other than the developer's website. Has the bonus feature of always working now and forever on every OS.

      • by Anonymous Coward

        The developer of my software used SourceForge and I got Malware, you insensitive clod!

      • by Jeremi ( 14640 )

        No, the easy fix is to never update software from anywhere other than the developer's website. Has the bonus feature of always working now and forever on every OS.

        You have a lot of faith in the incorruptibility of your DNS server, I see. :)

      • The easy fix is to switch to a fixed-width, fixed-size font so that things like bankofarnerica don't look like bankofamerica, etc.

        No, the easy fix is to never update software from anywhere other than the developer's website. Has the bonus feature of always working now and forever on every OS.

        perhaps you missed the part of this story that says it is about typosquatters? I am sure Ubuntu.om or maybe redhat.om will happily serve you up your "safe" updates.

        • I think the domain names would actually be redhatc.om and ubuntuc.om, were someone swapped the . and the c
          • most likely if they are doing this they would be cover that and many other combinations, why limit yourself to one domain when 20 or 30 misspellings will net you far more careless users. What I don't understand is why they went the route of installing malware. They were in a position to get users to enter bank details and other identity information as the users thinks they are at the trusted site they typed in, malware just raises the suspicion level when they could have harvested far more by careful select
            • Because just obtaining the logins isn't enough, delivering a malware payload to the end system offers full control and monitoring. The reality is, your bank account info isn't that important, and most banks / credit cards do indeed have fraud protection. So what's the goal of malware now? Crypto locking stuff, and more importantly, crypto currency mining/generation. I can make more money than I'll even be able to steal from your bank account (tracable) by placing your device into a malware driving bitco
    • I just gave up and started typing things like "bank of america" (actually bofa) into Google. If I make a typo, it almost always catches it and suggests the correct URL.
    • Comment removed based on user account deletion
      • by ruir ( 2709173 )
        I am running an internal DNS at home, BIND+RPZ, and as reading this article I added .OM to my RPZ. Problem solved.
  • Really? (Score:5, Funny)

    by 110010001000 ( 697113 ) on Monday March 14, 2016 @08:39PM (#51697497) Homepage Journal
    I tried all the domains mentioned with a Mac and didn't see anything, just a bunch of 404s, domain name holding pages and redirects to the proper .com name. I guess investigative reporting isn't what it used to be. I'll be back responding to your comments once I upgrade Flash. Apparently it is out of date.
  • I didn't know this was a word.

    I guess we can thank all the greedy folks at ICANN for the subdomain cash grab that gives typosquatters so many new possiblities.

  • Oh, typosquatters, I'm always amazed at how much work you're willing to do in the hopes that you'll be able to screw people over.

    • really? typosquatting is one of the easiest routes to hijack unsuspecting users. Much better than a phishing email as the user if presented right in the browser will be seeing their banks page asking them to update X or please enter your credentials. typosquatting is the lazy way to get users to your dodgy site.
    • Typosquatting isn't done to screw people over, it's done to screw them out of money. The generalized screwing over is just a byproduct of the financial redistribution efforts.
  • by PPH ( 736903 )

    ... $current_year and still using Flash.

    • by chthon ( 580889 )

      Maybe Anonymous should do a campaign against king.com, so that their games do not need Flash any more.

  • Who the hell types .com? It's 2016 and most modern browsers (anything but IE I suspect) figure out what you mean. google in the address bar is the same as "google.com" and the only time I specify a root is when I want the Canadian site without turning on location.
  • Tell me again why the US should give up control of the internet?

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...