The Com Laude Casebook: Malware Distribution

You’ve built a successful business.  Like all modern organisations, whether or not you actively sell your product or service online, you’ve found that the Internet is an incredibly valuable tool for promotion.  It can even be a highly important channel in its own right and, for some businesses, it’s the only channel.  Traffic is value.

Businesses like yours want more Internet traffic. Many even pay to drive it, through search engine optimisation, pay-per-click advertising and content creation. However, it is of great interest to bad actors too, who steal and redirect it in a variety of ways. Some of their methods may even surprise you.  A case handled by Com Laude in July 2019 illustrates just what this looks like in real life.

A client contacted us as they were beginning to receive complaints that their website was deploying malware.  Except it wasn’t – they were clean.  So what was going on?  This was traffic theft, and it works like this.  There is a bridge that sits between two critical points, the interested party and the website.  That’s the domain name. Adopting a confusingly similar domain has been the method of choice for Internet traffic theft for over 20 years. In this case, the client was the victim of a ‘typo domain’ – a commonly mistyped variant of their own name configured to go straight to the bad actor’s website.

The customer complaints were coming from Internet users who had discovered the typo domain on a search engine, or had simply mistyped the address into their browser. Because there was no error message, they had no idea they were on the wrong site. The client’s traffic was compromised. When users arrived at the bad actor’s site, malware was silently deployed on to each customer’s machine, capturing important information. The agenda was simple. The more traffic stolen, the further the trojan or other malware variant could travel, causing havoc as it went. The client’s brand seemed to be responsible for this and, as the accusations mounted, it faced reputational damage.

What could be done? Implementing a good detection system for typo domains was a positive start. Com Laude provides detection as a standard service within its domain name monitoring tool, Com Laude Watch. It not only looks for common typos in newly registered domains but also brings them to the client’s attention. In addition, it reports on instances where malware has been deployed. This would catch future instances. The next step was to challenge the typo domain under the relevant domain name dispute resolution policy and win its transfer into the client’s portfolio.
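To illustrate the kind of check a typo-domain monitor performs, here is an added example (not Com Laude Watch code, and not from the original article) that compares newly registered domains against a brand name using edit distance. The brand, the registration list and all function names are assumptions constructed for the illustration, and the first label is treated as the registrable name (no public-suffix handling).

```python
BRAND = "examplebrand.com"  # hypothetical brand domain

# Constructed sample of newly registered domains (not real data).
NEW_REGISTRATIONS = [
    "exampelbrand.com",    # two letters transposed
    "examplebrnd.com",     # one letter omitted
    "examplebrandd.com",   # one letter doubled
    "examplebrand.net",    # same label, different TLD
    "unrelated-shop.com",
    "examplebrand.com",    # the brand itself, must not be reported
]

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(domain):
    """Return (first label, remainder) of a lower-cased domain name."""
    label, _, tld = domain.lower().rstrip(".").partition(".")
    return label, tld

def find_typo_candidates(brand, registrations, max_distance=1):
    """List (domain, reason) pairs for registrations that resemble the brand."""
    brand_label, brand_tld = split_domain(brand)
    hits = []
    for domain in registrations:
        label, tld = split_domain(domain)
        if (label, tld) == (brand_label, brand_tld):
            continue  # the genuine domain
        dist = osa_distance(label, brand_label)
        if dist <= max_distance:
            reason = "same label, other TLD" if dist == 0 else f"edit distance {dist}"
            hits.append((domain, reason))
    return hits

if __name__ == "__main__":
    for domain, reason in find_typo_candidates(BRAND, NEW_REGISTRATIONS):
        print(f"{domain}: {reason}")
```

Counting an adjacent swap as a single edit matters here, because transposed letters are among the most common typing mistakes and would otherwise score as two substitutions.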

Once the transfer was made, Com Laude suggested a simple redirect to ensure that our client benefitted from all of the increased typo traffic which had been generated by the bad actor. Our technical team carried this out by forwarding the typo domain back to the client’s own, genuine website. More traffic equals more value.

Every cloud has a silver lining.
