When Diversity Meets Hostility: A Study of Domain Squatting Abuse in Online Banking
Neeraj Kumar, Sukhada Ghewari, Harshal Tupsamudre, Manish Shukla, S. Lodha
2021 APWG Symposium on Electronic Crime Research (eCrime), published 2021-12-01
DOI: 10.1109/eCrime54498.2021.9738769
In today's digital era, a large number of users rely on banking websites to perform financial transactions. The widespread adoption of online banking and the monetary value associated with each user account make banking websites a potential target for domain squatting. Domain squatting is a common practice in which malicious actors register internet domain names that are similar to popular domains. In this work, we study the prevalence of domain squatting abuse that exploits the inconsistent internet domain names used by popular banks across several countries, including the US, UK, Australia, Germany, China and India. An attacker exploits the inconsistencies present in these domain names to generate similar-looking domains and uses them for malicious purposes such as domain takeover, malware propagation, click fraud, phishing, traffic stealing, and distribution of ads and malware. In this paper, we present the first context-free grammar (CFG) based algorithm that models the inconsistencies in the domain names of banking websites, and we use it to generate candidate domains. We also provide a comprehensive categorization technique that classifies candidate domains into four categories: defensive, malicious, suspicious and unrelated. Our study reveals more than 3,000 domains that are either malicious or suspicious and that target popular banks in different countries around the world. Further, we observed three prevalent forms of domain squatting, namely comboTLD squatting, full-name squatting and brandname squatting, and we found that most of the malicious and suspicious domains are instances of comboTLD squatting. Our work shows that only a few organizations protect their brands against domain squatting abuse by performing defensive registration. Further, our study identified different strategies used by malicious actors during domain registration in order to evade detection by security researchers and trick victims into disclosing their credentials.
In particular, we discover that malicious actors register their domains using words similar to, and the same TLDs, grammar rules and registrars as, those used by benign domains.
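The abstract describes two steps: deriving candidate domains from a grammar that captures how a bank's legitimate domains vary (brand, keyword, separator and TLD), and then sorting the candidates into defensive, malicious, suspicious and unrelated. The following Python is an added illustration of that pipeline from a brand-monitoring point of view; it is not the paper's algorithm, grammar or data. The grammar, the hypothetical brand "examplebank", the registration records and the triage rules are all assumptions constructed for the example.

```python
"""Candidate-domain generation from a small context-free grammar, followed by
rule-based triage of the candidates against constructed registration data.
Added illustration only: the grammar, brand, records and rules are assumptions,
not the paper's."""
from collections import Counter
from itertools import product

# Grammar: nonterminal -> list of productions. Each production is a tuple of
# symbols; an uppercase symbol is a nonterminal, anything else is a literal.
# The grammar is acyclic, so the derivable language is finite.
GRAMMAR = {
    "DOMAIN": [("BRAND", ".", "TLD"),
               ("BRAND", "SEP", "KEYWORD", ".", "TLD"),
               ("KEYWORD", "SEP", "BRAND", ".", "TLD")],
    "BRAND": [("examplebank",)],                      # hypothetical brand
    "SEP": [("",), ("-",)],                           # with / without hyphen
    "KEYWORD": [("online",), ("netbanking",), ("secure",)],
    "TLD": [("com",), ("co.uk",), ("in",)],           # assumed TLDs in use
}


def expand(grammar, symbol):
    """Return every terminal string derivable from `symbol`."""
    if symbol not in grammar:          # literal
        return [symbol]
    results = []
    for production in grammar[symbol]:
        parts = [expand(grammar, s) for s in production]
        results.extend("".join(combo) for combo in product(*parts))
    return results


def candidates(grammar, start="DOMAIN"):
    """Sorted, de-duplicated list of all candidate domains."""
    return sorted(set(expand(grammar, start)))


# Assumed registrant string of the legitimate bank.
BRAND_OWNER = "Example Bank Ltd"

# Constructed registration records: domain -> (registrant organisation,
# observed content). Candidates absent from this table are unregistered.
RECORDS = {
    "examplebank.com": (BRAND_OWNER, "bank-site"),
    "examplebank-online.co.uk": (BRAND_OWNER, "redirect-to-bank"),
    "secure-examplebank.in": ("Privacy Protect LLC", "login-form-impersonation"),
    "examplebanknetbanking.com": ("Privacy Protect LLC", "parked"),
    "onlineexamplebank.com": ("Online Example Bank LLC", "unrelated-business"),
}


def triage(domain, records, blocklist=frozenset()):
    """Assumed triage rules (not the paper's technique):
    owner-registered -> defensive; on a blocklist or serving an impersonating
    login form -> malicious; a genuine unrelated business -> unrelated;
    any other third-party registration -> suspicious; unregistered -> None."""
    if domain not in records:
        return None
    registrant, content = records[domain]
    if registrant == BRAND_OWNER:
        return "defensive"
    if domain in blocklist or content == "login-form-impersonation":
        return "malicious"
    if content == "unrelated-business":
        return "unrelated"
    return "suspicious"


def summarize(grammar, records, blocklist=frozenset()):
    """Count candidates per category; unregistered ones are reported too,
    since they are the ones a brand owner could still register defensively."""
    counts = Counter()
    for domain in candidates(grammar):
        category = triage(domain, records, blocklist)
        counts["unregistered" if category is None else category] += 1
    return counts


if __name__ == "__main__":
    for domain in candidates(GRAMMAR):
        print(f"{domain:32s} {triage(domain, RECORDS) or 'unregistered'}")
    print(dict(summarize(GRAMMAR, RECORDS)))
```

With this grammar the three productions yield 3 + 18 + 18 = 39 distinct candidates; only five are registered in the constructed records, so the summary shows 34 unregistered names, which is the list a monitoring team would review for defensive registration or watch for new registrations. A blocklist feed can be passed to `triage` to promote a parked third-party name to malicious once it is reported.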