Microsoft has released an Internet Explorer plug-in that reveals the true scale of the phenomenon of squatting popular URLs with mis-spelled equivalents.
A domain can be typed into the Stryder URL Tracer tool and used to generate all the mis-spelled sites the typo neighbourhood as Microsoft terms it - that are hanging off it. These can be analysed in some detail, including sub and linked domains, and blocked if desired.
According to the company, the technique of registering typos of popular domains has turned into a good business thanks to Googles AdSense for domains program.
Adsense is a free service whereby Google will bring up ads for inactive or parked domains, and is widely used by so-called typo-squatters to generate ad traffic from domains registering using any one of a multitude of common misspellings.
These can promote a range of unrelated services including, in some cases, porn, spyware and phishing. The majority of them appear to be with registered using a small number of domain-parking services, including at least one owned by Google itself.
The number of domains that can be generated from one popular URL is vast. As well as missing or adding characters near the beginning or end of a URL, they can also use missing dots between address fields, and random character permutations within the address.
The more popular and established a domain, the more likely it is to attract the interest of the typo domain squatters. Washington Post and Slashdot are two domains that appear to generate a long list of squatting domains, while even Microsoft itself has been targeted by the domain squatters.
Our Typo-Patrol work proposes the first automatic and systematic approach to discovering and analysing typo domains and typo-squatters, the authors of Microsofts detailed report on the subject states.
We encourage parking services that are really serious about enforcing their policies to use our tool to discover systematic typo-squatting domains that participate in their parking programs and to identify large-scale typo-squatters among their customers, the paper concludes.
The tool can be downloaded from the Microsoft website (installation requires IE 6.0 and version 2.0 of the .Net framework).