i2 Security Blog

Keeping you up to date on the world of IT Security


Doppelganger Domain Attack

Domain typo-squatting is commonly used to spread malware to users who accidentally misspell a legitimate domain in their web browser. A new type of domain typo-squatting takes advantage of an omission instead of a misspelling.

A Doppelganger Domain is a domain spelled identically to a legitimate fully qualified domain name (FQDN) but with the dot between the host/subdomain and the domain omitted, registered for malicious purposes. Doppelganger Domains have a particularly potent impact via email, since an attacker who receives misaddressed mail could gather trade secrets, user names and passwords, and other employee information.

Each company in the Fortune 500 was profiled for susceptibility to Doppelganger Domains, and 151 companies (30%) were found to be susceptible. In large corporations email volume is extremely high, so the likelihood that some email is mis-sent is also high, which can result in data leakage.
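The two paragraphs above describe how a doppelganger domain is formed (a legitimate FQDN with one internal dot dropped) and why mis-sent mail is the risk. The script below is an added example, not code from the original post or from the researchers it cites: it derives the doppelganger candidates for an organisation's own mail domains, so a defender can register or monitor them, and then checks constructed outbound mail-log lines for recipients whose domain is on that watchlist. All domain names, log lines and the `to=<...>` log format are constructed for illustration.

```python
"""
Doppelganger-domain watchlist generation and outbound-mail check.

Added illustrative example (not from the original post). Given an
organisation's legitimate fully qualified domain names, derive the
doppelganger forms (one dot between a host/subdomain label and the label to
its right removed), then flag recipient addresses in constructed mail-log
lines whose domain matches one of those forms.
"""
from __future__ import annotations

import re

# Constructed: legitimate FQDNs an organisation actually uses for mail.
LEGIT_FQDNS = [
    "us.example.com",
    "eu.example.com",
    "mail.corp.example.com",
]


def doppelgangers(fqdn: str) -> set[str]:
    """Return every doppelganger domain for ``fqdn``.

    Each candidate drops exactly one dot between a host/subdomain label and
    the label to its right. The final dot (before the TLD) is never removed,
    because merging the registered domain into the TLD does not produce a
    name under the same TLD. For 'mail.corp.example.com' this yields
    {'mailcorp.example.com', 'mail.corpexample.com'}; a bare
    'example.com' yields nothing.
    """
    labels = fqdn.lower().strip(".").split(".")
    results = set()
    # Dots sit between label i and label i+1; skip the last one (before TLD).
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        results.add(".".join(merged))
    return results


def build_watchlist(fqdns) -> dict[str, str]:
    """Map each doppelganger domain to the legitimate FQDN it imitates."""
    watch = {}
    for fqdn in fqdns:
        for candidate in doppelgangers(fqdn):
            watch[candidate] = fqdn.lower()
    return watch


# Extracts the recipient from a log line; the 'to=<addr>' shape is constructed.
_ADDR_RE = re.compile(r"to=<([^>]+)>")


def flag_misaddressed(log_lines, watchlist) -> list[tuple[str, str, str]]:
    """Return (recipient, doppelganger domain, legitimate FQDN) for every
    outbound recipient whose domain is on the watchlist."""
    hits = []
    for line in log_lines:
        match = _ADDR_RE.search(line)
        if not match:
            continue
        addr = match.group(1)
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain in watchlist:
            hits.append((addr, domain, watchlist[domain]))
    return hits


# Constructed sample outbound mail-log lines (Postfix-like shape, not real logs).
SAMPLE_LOG = [
    "Jan 10 09:12:01 mx1 postfix/smtp[123]: ABC: to=<alice@us.example.com>, status=sent",
    "Jan 10 09:13:44 mx1 postfix/smtp[124]: DEF: to=<bob@usexample.com>, status=sent",
    "Jan 10 09:15:02 mx1 postfix/smtp[125]: GHI: to=<carol@mail.corpexample.com>, status=sent",
    "Jan 10 09:16:30 mx1 postfix/smtp[126]: JKL: to=<dave@partner.example.org>, status=sent",
]

if __name__ == "__main__":
    watchlist = build_watchlist(LEGIT_FQDNS)
    print("Doppelganger watchlist:", sorted(watchlist))
    for addr, domain, legit in flag_misaddressed(SAMPLE_LOG, watchlist):
        print(f"ALERT recipient {addr}: domain {domain} imitates {legit}")
```

Running the script on the constructed log flags the two recipients at `usexample.com` and `mail.corpexample.com` and leaves the legitimate and unrelated addresses alone. The same watchlist can feed an outbound mail-gateway rule that holds or rejects messages to those domains, and the candidate list is also the set a defender would consider registering pre-emptively.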

Security researchers Peter Kim and Garrett Gee, who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies, say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months. The intercepted correspondence included employee usernames and passwords, sensitive security information about the configuration of corporate network architecture that would be useful to hackers, affidavits and other documents related to litigation in which the companies were embroiled, and trade secrets, such as contracts for business transactions.