New way to trick the naive users

Nov 16, 2007 10:41 GMT

Security vendor Finjan Inc. today revealed a new technique that hackers use to trick visitors to malicious websites, which could help them hack the visitors' computers. It seems that the attackers are now attempting to buy new domains similar to the ones owned by famous brands and companies. For example, a hacker may acquire a domain named exampIe.com in order to trick users into thinking they are visiting example.com (notice that the first address contains a capital "I" and not a lowercase "l").

After the domain is bought, the attackers can easily create a copy of the genuine page and make it available through the new URL. From then on, they can start inviting visitors to the page and request all sorts of information. It works just like a phishing attack, only much improved. For example, an email message sent to a potential victim could say "Please visit exampIe.com to reactivate your account." As you can see, the malicious link is not too different from the genuine one.

"In today's dynamic web environment, it is becoming increasingly difficult to keep track of the malicious content by maintaining lists of malicious domain names or URLs," according to Finjan CTO Yuval Ben-Itzhak. "In order to safeguard users from these malicious web threats, businesses should adopt real-time inspection technologies that analyze each piece of web content regardless of its URL or IP address. Attempts to pattern malicious code and create signatures, or to categorize known malicious sites, are sometimes 'too little, too late' when it comes to providing adequate protection to today's dynamic and evasive web threats. The way to detect modern malicious code is to be able to understand in real-time what the code intends to do, before it does it."

While a traditional phishing attempt can be easily discovered by analyzing the URL, this new type of attack is more dangerous because the new domain is very similar to the genuine one and is able to trick numerous visitors. That's why you're advised to avoid entering your credentials on any website except the original, trusted ones.
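For defenders who filter mail or web traffic, the look-alike trick described above can be caught by comparing a folded form of each hostname against the domains being protected. The following is an added example, not code from the article or from Finjan; the small look-alike table, the protected-domain set and all function names are assumptions made for illustration.

```python
import re
from typing import Optional

# Constructed, deliberately small look-alike table (an assumption of this
# example, not a complete confusables list). DNS is case-insensitive, so a
# capital "I" shown as "exampIe.com" is registered as "exampie.com".
SEQUENCES = (("rn", "m"), ("vv", "w"))
SINGLES = str.maketrans({"i": "l", "1": "l", "0": "o"})
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def skeleton(host: str) -> str:
    """Fold visually similar characters so look-alike names compare equal."""
    folded = host.lower().rstrip(".")
    for seq, repl in SEQUENCES:
        folded = folded.replace(seq, repl)
    return folded.translate(SINGLES)


def impersonated_brand(host: str, protected: set) -> Optional[str]:
    """Return the protected domain that `host` imitates, or None."""
    by_skeleton = {skeleton(d): d.lower() for d in protected}
    labels = host.lower().rstrip(".").split(".")
    # Check the full name and each parent domain (at least two labels).
    for start in range(len(labels) - 1):
        candidate = ".".join(labels[start:])
        if candidate in by_skeleton.values():
            return None  # genuine domain or one of its subdomains
        match = by_skeleton.get(skeleton(candidate))
        if match:
            return match
    return None


def scan_message(text: str, protected: set) -> list:
    """List (host as written, imitated domain) for every look-alike in text."""
    hits = []
    for host in HOST_RE.findall(text):
        brand = impersonated_brand(host, protected)
        if brand:
            hits.append((host, brand))
    return hits


if __name__ == "__main__":
    # Constructed sample: the article's lure plus a genuine link.
    msg = "Please visit exampIe.com to reactivate your account. Help: www.example.com"
    print(scan_message(msg, {"example.com"}))
```

Because folding "i" to "l" also makes unrelated legitimate names collide (for example mail and mall), a hit is a signal for review or for a warning banner rather than proof of fraud.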