The Bad Hacking Community is continuing to target people who inadvertently fail to put the c into a .com internet address.
This kind of caper is not new, but according to a security company called Endgame, the bastards who like registering .om domains and loading them with malware have been particularly busy of late.
The firm admitted that it noticed this when trying to watch some Netflix. It warns that unsuspecting users risk being infected by a nasty little download called Genieo.
“House of Cards Season 4 debuted on Netflix this past weekend, much to the joy of millions of fans, including many Endgamers. One particular Endgamer made an innocent, but potentially damaging mistake,” it said.
“He mistyped the domain ‘www.netflix.com’ as ‘netflix.om’ in his browser, accidentally dropping the ‘c’ in ‘.com’. He did not get a DNS resolution error, which would have indicated the domain he typed doesn’t exist. Instead, due to the registration of ‘netflix.om’ by a malicious actor, the domain resolved successfully.”
“His browser was immediately redirected several times, and eventually landed on a ‘Flash Updater’ page with all the usual annoying (and to an untrained user, terrifying) scareware pop-ups. Luckily, the Endgamer recognized danger and retreated swiftly, avoiding harm.”
That’s OK for them, but what about anyone else who finds themselves wandering into om’s way? They could be in serious trouble.
“Our research revealed that there is at least one major .om typosquatting campaign targeting many of the world’s largest organizations. It has already targeted over 300 well-known organizations, including Netflix, and given the spike in activity in February, is likely to only attempt to expand its reach in March. While the typosquatting campaign currently is a relatively unsophisticated effort, this kind of opportunistic behavior is typical of typosquatting and watering hole campaigns,” added the firm.
“Our research also indicates that .om domains associated with the vast majority of major brands may be unregistered. It does not appear that companies are widely including the .om in their typosquatting mitigation strategies. We strongly recommend doing so.”
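As an added example (not from Endgame or the original article), here is one way a defender could spot the mistake described above in resolver logs: it flags queries where a watched brand's .com name was typed with one character missing from the TLD, and records whether the lookalike actually resolved. It goes slightly beyond the article by covering .cm and .co as well as .om; the log format, watchlist and sample lines are assumptions constructed for illustration.

```python
# Added example; the log format and watchlist are assumptions.
WATCHED = {"netflix.com", "example.com"}  # constructed brand watchlist

# Constructed resolver log lines: timestamp client qname qtype rcode
SAMPLE_LOG = """\
2016-03-07T20:01:11Z 10.0.0.12 www.netflix.com. A NOERROR
2016-03-07T20:01:15Z 10.0.0.12 netflix.om. A NOERROR
2016-03-07T20:02:40Z 10.0.0.31 WWW.Example.OM A NXDOMAIN
2016-03-07T20:03:02Z 10.0.0.31 mail.example.org. A NOERROR
2016-03-07T20:03:09Z 10.0.0.44 example.cm. A NOERROR
malformed line
"""


def build_lookalikes(watched):
    """Map each lookalike (brand label + TLD minus one character) to its brand."""
    table = {}
    for domain in watched:
        label, _, tld = domain.lower().rpartition(".")
        for i in range(len(tld)):
            table[f"{label}.{tld[:i] + tld[i + 1:]}"] = domain
    return table


def find_typo_queries(log_text, watched):
    """Return one finding per query whose name is, or sits under, a lookalike."""
    lookalikes = build_lookalikes(watched)
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        ts, client, qname, _qtype, rcode = fields
        # Compare the last two labels so www.netflix.om matches netflix.om.
        candidate = ".".join(qname.lower().rstrip(".").split(".")[-2:])
        if candidate in lookalikes:
            findings.append({
                "time": ts, "client": client, "query": candidate,
                "imitates": lookalikes[candidate],
                # NOERROR: the lookalike is registered and resolves.
                # NXDOMAIN: it does not exist, so it can still be registered defensively.
                "registered": rcode == "NOERROR",
            })
    return findings


if __name__ == "__main__":
    for finding in find_typo_queries(SAMPLE_LOG, WATCHED):
        print(finding)
```

Findings with `registered` set to true are the cases where a user reached a live lookalike and the client is worth a follow-up; those set to false point at names a brand owner could still register defensively.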