DRK

College of Engineering & Technology

TYPOSQUATTING
INTERNAL GUIDE NAME:M.Anila BATCH NO.:B-19 NAME:N.Sandarsh(10u51a1238)

DRK

College of Engineering & Technology

Typosquatting
Typosquatting, also called URL hijacking, is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser.

Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter.

TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

Overview
The typosquatter's URL will usually be one of four kinds, all similar to the victim site address:

(In the following, the intended website is "example.com")

A common misspelling, or foreign language spelling, of the intended site: exemple.com

A misspelling based on typing errors: xample.com or examlpe.com

A differently phrased domain name: examples.com A different top-level domain: example.org
TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

Contd.
Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content. Sometimes competitors of the victim site will do this. Alternatively, the user will be forwarded to a site of a completely different nature from what they intended. This tactic was infamously used by John Zuccarini, who redirected domains targeting children to pornographic websites. Sometimes, the typosquatters will use the false addresses to distribute viruses, adware, spyware or other malware.
TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

Combatting typosquatting
A victim website should send a cease and desist letter to the offender at first, in an attempt to quell the activity. Another option would be to try to purchase the website address from the typosquatter, which could have been the typosquatter's aim all along. Occasionally, lawsuits are taken against the offending site or individual.

TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

Contd.
A company may try to preempt typosquatting by obtaining a number of websites with common misspellings and redirect them to the main, correctly spelled website. For example www.gooogle.com, www.goolge.com, www.gogle.com, www.gewgle.com, and others, all redirect to www.google.com.

TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

Contd
Microsoft has released new software to help combat this issue. The software is called "Strider Typo-Patrol". This is a tool that scans and shows third-party domains that are allegedly typo squatting.

It also lets parents restrict access to typo-squatting domains that show sexually oriented ads on typos of children's web sites.It highlights mis-spelt sites that use cookies and employ HTTP redirections. Both of these are commonly used mechanisms for providing Web Services and don't necessarily mean a site is hosted by a domain squatter.
TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

Defensive registrations
Many site operators have resorted to registration of long lists of seemingly-duplicate names across multiple countries and toplevel domains; for instance, amazon.com is duplicated across most country code TLD's And a local version of Google exists in nearly every available inhabited region, including a nominally-localised google.pn for the Pitcairn Islands, population 56. Google's domain name is also registered (but inactive) in uninhabited Internet regions such as the French Antarctic territories.
TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

Typosquatting and the law

In the US, 1999 Anti-Cybersquatting Protection Act (ACPA) contains a clause (Section 3(a), amending 15 USC 1117 to include sub-section (d)(2)(B)(ii)) aimed at combatting typosquatting. USA: Anticybersquatting Consumer Protection Act (ACPA) of 1999 allows trademark owners to obtain damages and injunctive relief in federal court when a third party with a bad faith intent to profit . . registers or uses a domain name that is identical or confusingly similar to a mark
TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

Contd..
No anti-cybersquatting laws in Europe India - TRIPS, Art. 16(2) and 16(3) Extends the protection to services, as well as to dissimilar goods and services

TECHNICAL SEMINAR

10

DRK

College of Engineering & Technology

Typosquatting

UDRP
(Unified Domain Name Dispute Resolution Policy)
In 1998, WIPO established its First Internet Domain Name Process to develop recommendations for the international community concerning issues with Internet domain names, including domain name dispute resolution Adopted by ICANN in 1999

TECHNICAL SEMINAR

11

DRK

College of Engineering & Technology

Typosquatting

Contd
A mandatory administrative dispute resolution procedure, which is uniform across all open general top-level domains Highly time- and cost effective when compared to court litigation

TECHNICAL SEMINAR

12

DRK

College of Engineering & Technology

Typosquatting

Contd..
Disputes are decided by independent panelists

A complainant must demonstrate that the disputed domain is identical with or confusingly similar to its trademark, that the respondent does not have a right or legitimate interest in the domain name and that the respondent registered and used the domain name in bad faith.
The sole remedy is the transfer of the domain name Decisions can be appealed to court
TECHNICAL SEMINAR

13

DRK

College of Engineering & Technology

Typosquatting

TECHNICAL SEMINAR

14

DRK

College of Engineering & Technology

Typosquatting

Examples
Wikipedia is a victim of typosquatting: en.wiipedia.org, en.wikpedia.org, www.eikipedia.org, www.wilipedia.org, en.wikipedi.org, en.wikipediia.org, www.wikipedi.com and www.wikipaedia.org as of 2007, are all websites which contain pop-up ads, spyware/adware downloads, and ad-generating search engines.

TECHNICAL SEMINAR

15

DRK

College of Engineering & Technology

Typosquatting

Contd
Google's anti-typosquatting defense is incomplete; as of April 2006, "http://www.goggle.com" redirects to a rogue software vendor (particularly SpySheriff) rather than to Google. The site attempts to spam users with popups and also used to download Spysheriff without any further user action.
The US White House site "whitehouse.gov" is parodied at whitehouse.org; whitehouse.com at one point was the site of a notorious pornographic magazine.
16

TECHNICAL SEMINAR

DRK

College of Engineering & Technology

Typosquatting

CASE

Verizon Communications

TECHNICAL SEMINAR

17

DRK

College of Engineering & Technology

Typosquatting

Verizon Communications
Verizon Communications won a $31.15 million judgment against internet registrar OnlineNIC. Microsoft and Yahoo are also pursuing cases against the company. In Verizon's case, the company brought suit charging that OnlineNIC registered approximately 663 domain names either matching or similar to Verizon trademarks including Verizon-cellular[dot]com and Buyverizon[dot]net.

TECHNICAL SEMINAR

18

DRK

College of Engineering & Technology

Typosquatting

Contd
In court papers, Verizon claimed that OnlineNIC registered more than 900,000 domain names that were close to some of the globe's largest companies, including Google, Adidas, MySpace, Wal-Mart and Yahoo. OnlineNIC used an automated process to enable cybersquatters to register the URLs using numerous means to conceal its true identity, Verizon's suit claimed.

TECHNICAL SEMINAR

19

DRK

College of Engineering & Technology

Typosquatting

Contd
According to the default judgment issued Dec. 19 by Judge Jeremy Fogel in the U.S. District Court for the Northern District of California in San Jose, OnlineNIC must now pay Verizon $31.15 million. The company also was ordered to transfer the domain names under dispute to Verizon, and may no longer register domain names containing Verizon trademarks.

TECHNICAL SEMINAR

20

DRK

College of Engineering & Technology

Typosquatting

Contd
And, on Dec. 19, Yahoo filed a suit accusing OnlineNIC of cybersquatting and trademark infringement. The company accused OnlineNIC of registering more than 500 domain names that match or are similar to its brands, including Yahoozone[dot]com and Yahooyahooligan[dot]com.

TECHNICAL SEMINAR

21

DRK

College of Engineering & Technology

Typosquatting

Contd
Rediff.com India Ltd., which owns trademarks such as REDRIFFMAIL

and REDRIFF etc, won the typo domain Rediffmai.com in a recent WIPO case. Rediff is not a dictionary word. The disputed domain was parked and had pay-per-click ads related to many of Rediff's services. Obviously, Rediff deserved to win this domain. The respondent has a history of registering other domains, based on the names of other well-known companies: Quote: These include <bznkofamerica.com>, <goofgle.com>, <google4.com>, <facewbook.com>, <craigslisst.org>, <freiendster.com>, <amnestyinternational.org>, <photobucket.org>, <lycos.org>, <lycosasia.com>, <moorgate.com>, and <cottonell.com>.
TECHNICAL SEMINAR

22

DRK

College of Engineering & Technology

Typosquatting
.COM, .NET and .ORG Domain Names Terms
.COM - to be used for commercial and personal sites .NET - recommended for companies involved in Internet .ORG - recommended for not-for-profit organizations

TECHNICAL SEMINAR

23

DRK

College of Engineering & Technology

Typosquatting

Domain Registration Policy

OPEN REGISTRY Registration based on first-come first-served principle

It uses a robot for name registration to assure a non-

discriminatory registration procedure

TECHNICAL SEMINAR

24

DRK

College of Engineering & Technology

Typosquatting

Restrictions
A domain name cannot be registered with the purpose to be resell it Contact data provided should be complete Domain names cannot contain obscene, pornographic, injurious, offending words (use a list of prohibited words) Protect famous or very well known names

TECHNICAL SEMINAR

25

DRK

College of Engineering & Technology

Typosquatting

Domain name registration agreement

The registration agreement contains: -

a requirement that the domain name applicant provide accurate and reliable information and contact details consisting of: full name of the applicant; postal address; phone number; fax number; email address; primary and secondary nameservers (hostname, IP addresses) where the registrant is an organization, an association or a corporation, the name of an authorized person for contact purposes must be supplied;
TECHNICAL SEMINAR

26

DRK

College of Engineering & Technology

Typosquatting Domain Name Dispute Resolution Policy

The Registry will take action when it is clear that a registrant is breaching the Registration Rules. It may suspend delegation of an Internet Domain Name in certain circumstances: the domain name is being used in a manner likely to cause confusion to Internet users; the use of the domain name is misleading other Internet users; the who is contact data is inaccurate or false Fraudulent payment.

TECHNICAL SEMINAR

27

DRK

College of Engineering & Technology

Typosquatting

Contd.
When a dispute arises between a domain name holder and a complainant, the .ro Registry will assist the two parties to arrive at a mutually acceptable resolution to the dispute by mediation. When a mutual resolution is not successful, the complain is the subject of the Uniform Domain Name Dispute Resolution Policy endorsed and approved by ICANN (Internet Corporation for Assigned Names and Numbers). If the mediation is not successful, the complainant can submit the dispute either to WIPO (World Intelelctual Property), NAF (National Arbitration Forum) or to a court of Bucharest, Romania. When a party is not pleased with the WIPO decission, he/she can submit the dispute to a court in Bucharest
TECHNICAL SEMINAR

28

DRK

College of Engineering & Technology

Typosquatting

TECHNICAL SEMINAR

29

DRK

College of Engineering & Technology

Typosquatting

TECHNICAL SEMINAR

30

DRK

College of Engineering & Technology

Typosquatting

Bibliography
En.Wikipedia.org

Google.com

TECHNICAL SEMINAR

31

DRK

College of Engineering & Technology

Typosquatting

32