A Comprehensive Measurement Study of Domain-squatting Abuse

Domain-squatting abuse refers to the premeditated attempt by an attacker to register perceptively confusing domain names thereby tricking visitors into querying them. There are totally five squatting types have been investigated so far, namely typo-squatting, bit-squatting, homograph-squatting, sound-squatting, and combo-squatting. Existing researches only focus on one specific squatting type and never explore the relationship among them. In this paper, we perform the first comprehensive measurement study of domain-squatting abuse. We select 786 the most queried domains, and hunt for squatting abuses against them in LSP-level DNS traffic. We find that although typo-squatting accounts for most of squatting domains, combo-squatting are able to attract more traffic. Our further case studies show that parking ads is still the most important way for attackers to make profits. The only exception is combosquatting, in which squatters tend to leverage the reputation of squatted domains to develop their own business. It is worth noting that some squatting domains are even used to deliver malware. Moreover, the Alexa ranks of certain squatting domains have already surpassed the original domains. These results clearly call for the need to better protect the intellectual property of domain names.