Researchers examine domain names that contain famous trademarks combined with other words.
George Tech, in collaboration with Stony Brook University and London South Bank University, has released a study (pdf) of what it calls “combosquatting” in domain names. The findings are being discussed as part of the Association of Computer Machinery’s Computer and Communications Security 2017 conference in Dallas this week.
The researchers define combosquatting as combining a trademark with additional words, such as bankofamerica-somethingelse-anotherword.com. This compares to typosquatting, in which the domain name consists of a typo of a popular brand.
They found that the domain names are used for a number of malevolent purposes including phishing, malware, and affiliate abuse. I imagine a lot of what they captured under affiliate abuse used zero click parking. (I typed in one of the domains in the study and it went to the misleading download site I pointed out earlier this month.)
The domains are infrequently recovered by the affected brands. 60% of abusive combosquatting domains live for more than 1,000 days.
Many of the abusive domain names use SSL certificates, adding to their perceived validity.
The study suggests that the prevalence of combosquatting can be reduced by defensive registrations and registrars preventing domains with famous trademarks from being registered without verification.