• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs


You thought typos were harmless?

A recent PCMag.com blog post points out that the fake White House website whitehouse.org (no, I won't link you to it) has been hacked and is serving up malware.  Part of the issue here is that many people attempting to go to the government website www.whitehouse.gov will accidentally mistype it as whitehouse.org.  This is a specific case of a very real threat.

If you look at the list of the top 500 most popular websites according to Alexa.com.  How many of these domain names are easily misspelled or mistyped?  There is nothing stopping bad people from registering common typos of popular domains and then presenting the user with something that looks like the website they were expecting, complete with a login field ready to steal your username and password.

How catastrophic could it be if I accidentally typed ertade.com instead of etrade.com and a malicious user had set up a site that looks like E*Trade?  If I don't notice my mistake and attempt to log in, I have just given away the user name and password to critical financial information.  Not only will the attacker have access to my finances, they will also have access to even more personal information about me such as my home address, phone numbers, birthday, etc.  This information may be enough to commit full fledged identity theft.

This attack is called Typo-Squatting.  My fellow Symantec employee Oliver Friedrichs has written a very informative post on the Symantec Security Response blog about typo-squatting and its implications on the 2008 election.

The good news: Companies can combat this by registering the domain names for the most common typos of their domains.  For instance if you go to http://www.gooogle.com (with an extra 'o') you will be redirected to http://www.google.com. 

The moral of the story:  Check that address bar twice before you hit enter!

Message Edited by jgonzales on 02-11-2009 07:02 PM


Oh OK, thanks for clearing this up.


Hi Adam

>>A recent PCMag.com blog post points out that the fake White House website whitehouse.org (no, I won't link you to it) has been hacked and is serving up malware.. ..This is a specific case of a very real threat. >> 

What I find more disturbing than reading your warnings here about whitehouse.org and how potentillay dangerous the site is, is when I go to Norton Safe Web it gives the site a 100% safety rating.

What's going on with this?

Thanks, John

Message Edited by johna on 08-29-2008 12:05 AM
Hi John,

Thanks for raising this important issue.

Back in May, Norton Safe Web did receive a few notifications from our Norton Community Watch users (those with Norton Antivirus or Norton Internet Security that opted in to automatically send suspicious URLs detected by our antivirus engine as users encounter them). Upon analysis Norton Safe Web rated whitehouse.org "red" due to a number of threats found on this site. However, upon re-analysis of this site (which we do frequently to avoid serving up stale site ratings), Norton Safe Web no longer detected security risks on the site. Hence, the site rating was changed to ‘green’. Remember that the site rating is not permanent. Any site could be ‘green’ now and a few days later we might find that it is unsafe. Similarly, a ‘red’ site could clean up their act and upon re-analysis, gets changed back to ‘green’. This explains why the Norton Safe Web Report now shows whitehouse.org as ‘green’.

Thank you,
Tuan-Khanh Tran
Senior Product Manager, Norton Safe Web