Professional Documents
Culture Documents
TYPOSQUATTING
INTERNAL GUIDE NAME:M.Anila BATCH NO.:B-19 NAME:N.Sandarsh(10u51a1238)
DRK
Typosquatting
Typosquatting, also called URL hijacking, is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser.
Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter.
TECHNICAL SEMINAR
DRK
Typosquatting
Overview
The typosquatter's URL will usually be one of four kinds, all similar to the victim site address:
DRK
Typosquatting
Contd.
Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact in the real site; through the use of copied or similar logos, website layouts or content. Sometimes competitors of the victim site will do this. Alternatively, the user will be forwarded to a site of a completely different nature from what they intended. This tactic was infamously used by John Zuccarini, who redirected domains targeting children to pornographic websites. Sometimes, the typosquatters will use the false addresses to distribute viruses, adware, spyware or other malware.
TECHNICAL SEMINAR
DRK
Typosquatting
Combatting typosquatting
A victim website should send a cease and desist letter to the offender at first, in an attempt to quell the activity. Another option would be to try to purchase the website address from the typosquatter, which could have been the typosquatter's aim all along. Occasionally, lawsuits are taken against the offending site or individual.
TECHNICAL SEMINAR
DRK
Typosquatting
Contd.
A company may try to preempt typosquatting by obtaining a number of websites with common misspellings and redirect them to the main, correctly spelled website. For example www.gooogle.com, www.goolge.com, www.gogle.com, www.gewgle.com, and others, all redirect to www.google.com.
TECHNICAL SEMINAR
DRK
Typosquatting
Contd
Microsoft has released new software to help combat this issue. The software is called "Strider Typo-Patrol". This is a tool that scans and shows third-party domains that are allegedly typo squatting.
It also lets parents restrict access to typo-squatting domains that show sexually oriented ads on typos of children's web sites.It highlights mis-spelt sites that use cookies and employ HTTP redirections. Both of these are commonly used mechanisms for providing Web Services and don't necessarily mean a site is hosted by a domain squatter.
TECHNICAL SEMINAR
DRK
Typosquatting
Defensive registrations
Many site operators have resorted to registration of long lists of seemingly-duplicate names across multiple countries and toplevel domains; for instance, amazon.com is duplicated across most country code TLD's And a local version of Google exists in nearly every available inhabited region, including a nominally-localised google.pn for the Pitcairn Islands, population 56. Google's domain name is also registered (but inactive) in uninhabited Internet regions such as the French Antarctic territories.
TECHNICAL SEMINAR
DRK
Typosquatting
DRK
Typosquatting
Contd..
No anti-cybersquatting laws in Europe India - TRIPS, Art. 16(2) and 16(3) Extends the protection to services, as well as to dissimilar goods and services
TECHNICAL SEMINAR
10
DRK
Typosquatting
UDRP
(Unified Domain Name Dispute Resolution Policy)
In 1998, WIPO established its First Internet Domain Name Process to develop recommendations for the international community concerning issues with Internet domain names, including domain name dispute resolution Adopted by ICANN in 1999
TECHNICAL SEMINAR
11
DRK
Typosquatting
Contd
A mandatory administrative dispute resolution procedure, which is uniform across all open general top-level domains Highly time- and cost effective when compared to court litigation
TECHNICAL SEMINAR
12
DRK
Typosquatting
Contd..
Disputes are decided by independent panelists
A complainant must demonstrate that the disputed domain is identical with or confusingly similar to its trademark, that the respondent does not have a right or legitimate interest in the domain name and that the respondent registered and used the domain name in bad faith.
The sole remedy is the transfer of the domain name Decisions can be appealed to court
TECHNICAL SEMINAR
13
DRK
Typosquatting
TECHNICAL SEMINAR
14
DRK
Typosquatting
Examples
Wikipedia is a victim of typosquatting: en.wiipedia.org, en.wikpedia.org, www.eikipedia.org, www.wilipedia.org, en.wikipedi.org, en.wikipediia.org, www.wikipedi.com and www.wikipaedia.org as of 2007, are all websites which contain pop-up ads, spyware/adware downloads, and ad-generating search engines.
TECHNICAL SEMINAR
15
DRK
Typosquatting
Contd
Google's anti-typosquatting defense is incomplete; as of April 2006, "http://www.goggle.com" redirects to a rogue software vendor (particularly SpySheriff) rather than to Google. The site attempts to spam users with popups and also used to download Spysheriff without any further user action.
The US White House site "whitehouse.gov" is parodied at whitehouse.org; whitehouse.com at one point was the site of a notorious pornographic magazine.
16
TECHNICAL SEMINAR
DRK
Typosquatting
CASE
Verizon Communications
TECHNICAL SEMINAR
17
DRK
Typosquatting
Verizon Communications
Verizon Communications won a $31.15 million judgment against internet registrar OnlineNIC. Microsoft and Yahoo are also pursuing cases against the company. In Verizon's case, the company brought suit charging that OnlineNIC registered approximately 663 domain names either matching or similar to Verizon trademarks including Verizon-cellular[dot]com and Buyverizon[dot]net.
TECHNICAL SEMINAR
18
DRK
Typosquatting
Contd
In court papers, Verizon claimed that OnlineNIC registered more than 900,000 domain names that were close to some of the globe's largest companies, including Google, Adidas, MySpace, Wal-Mart and Yahoo. OnlineNIC used an automated process to enable cybersquatters to register the URLs using numerous means to conceal its true identity, Verizon's suit claimed.
TECHNICAL SEMINAR
19
DRK
Typosquatting
Contd
According to the default judgment issued Dec. 19 by Judge Jeremy Fogel in the U.S. District Court for the Northern District of California in San Jose, OnlineNIC must now pay Verizon $31.15 million. The company also was ordered to transfer the domain names under dispute to Verizon, and may no longer register domain names containing Verizon trademarks.
TECHNICAL SEMINAR
20
DRK
Typosquatting
Contd
And, on Dec. 19, Yahoo filed a suit accusing OnlineNIC of cybersquatting and trademark infringement. The company accused OnlineNIC of registering more than 500 domain names that match or are similar to its brands, including Yahoozone[dot]com and Yahooyahooligan[dot]com.
TECHNICAL SEMINAR
21
DRK
Typosquatting
Contd
Rediff.com India Ltd., which owns trademarks such as REDRIFFMAIL
and REDRIFF etc, won the typo domain Rediffmai.com in a recent WIPO case. Rediff is not a dictionary word. The disputed domain was parked and had pay-per-click ads related to many of Rediff's services. Obviously, Rediff deserved to win this domain. The respondent has a history of registering other domains, based on the names of other well-known companies: Quote: These include <bznkofamerica.com>, <goofgle.com>, <google4.com>, <facewbook.com>, <craigslisst.org>, <freiendster.com>, <amnestyinternational.org>, <photobucket.org>, <lycos.org>, <lycosasia.com>, <moorgate.com>, and <cottonell.com>.
TECHNICAL SEMINAR
22
DRK
Typosquatting
.COM, .NET and .ORG Domain Names Terms
.COM - to be used for commercial and personal sites .NET - recommended for companies involved in Internet .ORG - recommended for not-for-profit organizations
TECHNICAL SEMINAR
23
DRK
Typosquatting
TECHNICAL SEMINAR
24
DRK
Typosquatting
Restrictions
A domain name cannot be registered with the purpose to be resell it Contact data provided should be complete Domain names cannot contain obscene, pornographic, injurious, offending words (use a list of prohibited words) Protect famous or very well known names
TECHNICAL SEMINAR
25
DRK
Typosquatting
a requirement that the domain name applicant provide accurate and reliable information and contact details consisting of: full name of the applicant; postal address; phone number; fax number; email address; primary and secondary nameservers (hostname, IP addresses) where the registrant is an organization, an association or a corporation, the name of an authorized person for contact purposes must be supplied;
TECHNICAL SEMINAR
26
DRK
TECHNICAL SEMINAR
27
DRK
Typosquatting
Contd.
When a dispute arises between a domain name holder and a complainant, the .ro Registry will assist the two parties to arrive at a mutually acceptable resolution to the dispute by mediation. When a mutual resolution is not successful, the complain is the subject of the Uniform Domain Name Dispute Resolution Policy endorsed and approved by ICANN (Internet Corporation for Assigned Names and Numbers). If the mediation is not successful, the complainant can submit the dispute either to WIPO (World Intelelctual Property), NAF (National Arbitration Forum) or to a court of Bucharest, Romania. When a party is not pleased with the WIPO decission, he/she can submit the dispute to a court in Bucharest
TECHNICAL SEMINAR
28
DRK
Typosquatting
TECHNICAL SEMINAR
29
DRK
Typosquatting
TECHNICAL SEMINAR
30
DRK
Typosquatting
Bibliography
En.Wikipedia.org
Google.com
TECHNICAL SEMINAR
31
DRK
Typosquatting
32