October 31. It’s Halloween today – probably the most exciting holiday in a year for lots of people. And sure it’s a scary one too. But this post is not about ghosts, vampires, zombies or other Halloween characters. As usually, we’ll talk about spyware and malware, because some people just won’t rest. Even on Halloween. These people are typosquatters.
Typosquatting is a malicious activity aimed on tricking Internet users into visiting undesirable web sites. In practice it looks like this:
1. Typosquatter registers a web site with the name similar to popular Internet resource’s name like google.com or microsoft.com, so that the bogus address looks like googgle.com, microsofts.com, etc. In other words, the malicious site has almost the same address as a legitimate one, except for one or more spelling mistakes or different top-level domain extension (for example, .net instead of .com).
2. Unaware Internet user mistypes a web address getting it slightly wrong. This opens an undesirable web site registered by typosquatter. The user does not get the web browser’s default error page, as a site with slightly different name actually exists.
3. After the user accesses a bogus web page, automatic scripts in it perform predetermined malicious actions. Usually, they install downloader trojans, spyware and adware parasites, browser hijackers and other unsolicited software. Sometimes it’s corrupt antivirus or anti-spyware software, backdoors and active botnet components.
As you can see, visiting typosquatted Internet resources is dangerous. Why do we speak about this on Halloween? Well, the reason is that typosquatters have launched multiple malicious web sites with Halloween-related names, and most of them still not taken down. Furthermore, some fully legitimate, harmless sites were hacked by hackers to enable stealth installation of widely spread malware. They are also up and running.
Unfortunately, we do not have the complete list of all malicious Halloween web sites. This is virtually impossible, as most of such sites will disappear tomorrow or after a few days.
But we have to warn you. Be as careful as you can while browsing through holiday resources. Do not click on any pop-ups or advertisements, even if they are Halloween-related. Certain ads not only might be scams, but also malware.
If a dialog window popped out of nothing with standard “OK” or “Cancel”, “Yes” or “No” buttons, simply ignore it, do not push the buttons! Clicking on “Cancel” might install spyware or take you to a malicious web page. Close that dialog window by clicking o the Cross button instead, or use the Task Manager.
Enable real-time protection of your antivirus and anti-spyware software. Some monitors might slow down your system, but having them enabled while browsing holiday web sites is highly recommended.
And last, but not least. Spend more time with your family and not your computer :).