A couple of years ago, news that "com.com" (previously owned by CNET) had been quietly sold to dsparking.com, a known entity in the realm of browser hijacking and domain squatting, rippled through the security industry, and some experts expressed concern.
In a blog post, Robert Hansen of WhiteHat Security illustrated it best:
Com.com is the single best typo squatter domain on the planet. Let’s say, for instance, you accidentally type in firstname.lastname@example.org (notice the end there). Yes, it would go to .com.com email servers if they were set up to allow email to come in. If you typed a URL as http://www.yahoo.com.com similarly, you would also redirect to the typo domain. Or how about phishing sites of ebay.com.com or have you downloaded the latest patch from microsoft.com.com?
And that's just one of the potential dangers.
We recently encountered the URL dw[DOT]com[DOT]com, which directed us to various destinations whenever we refreshed it. Although this site is no longer accessible as we write this post, we were still able to visit one particular live URL destination that stood out among the rest during our testing. Keygen Capers and Suurgle Surveys. When we compared the two articles, we found that there was actually nothing new in the content. If anything, the only notable differences are the images used in the middle and lower sections of the articles.
All links on the fake Daily Mail article point to one URL, which then leads users to random destinations where they are offered freebies behind surveys or certain services. Below is what we have encountered so far:
A little more digging into dw[DOT]com[DOT]com has revealed that it also has a history of housing adware, PUPs, and spyware. Other than the links we have referred to at the beginning of this post, there are relatively few reports of com.com sites getting abused. That may be a good thing, at least for now; however, there may come a time when criminals make full use of these sites for their malicious campaigns. So be advised, dear Reader, to avoid and proactively block them starting now.
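One way to act on that advice, added here as an example and not part of the original post: the sketch below flags URLs, e-mail recipients and DNS names that fall inside the com.com zone and reports the domain the user most likely meant. The log layout, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

SQUAT_ZONE = "com.com"  # the zone discussed in this post

def extract_host(value):
    """Return the lower-cased host from a URL, e-mail address or bare hostname."""
    value = re.sub(r"\[(?:dot|\.)\]", ".", value.strip().lower())  # undo defanging
    if "://" in value:
        try:
            host = urlsplit(value).hostname or ""
        except ValueError:            # malformed authority, e.g. stray brackets
            host = ""
    elif "@" in value:
        host = value.rsplit("@", 1)[1]
    else:
        host = value.split("/", 1)[0].split(":", 1)[0]
    return host.rstrip(".")           # drop the root dot of a fully qualified name

def check(value):
    """Return (host, likely_intended) if host is com.com or below it, else None."""
    host = extract_host(value)
    if host == SQUAT_ZONE:
        return host, None
    # Match on a label boundary: "telecom.com" ends with the string "com.com"
    # but is not inside the zone, so a plain suffix test would over-block.
    if not host.endswith("." + SQUAT_ZONE):
        return None
    return host, host[: -len(".com")]  # yahoo.com.com -> yahoo.com

def scan(log_text):
    """Check the last field of each log line; return the list of hits."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        result = check(fields[-1]) if fields else None
        if result:
            hits.append(result)
    return hits

# Constructed sample lines (hypothetical format: timestamp, source, verb, target).
SAMPLE = """\
10:00:01 proxy GET http://www.yahoo.com.com/
10:00:02 proxy GET http://www.telecom.com/index.html
10:00:03 smtp RCPT user@example.com.com
10:00:04 dns QUERY dw[DOT]com[DOT]com.
10:00:05 dns QUERY com.com.example.net
"""

if __name__ == "__main__":
    for host, intended in scan(SAMPLE):
        print(f"block {host} (probably meant: {intended})")
```

The same label-boundary comparison applies when writing the rule in a proxy, DNS or mail filter: match `com.com` and `*.com.com`, not every name that merely ends in those characters.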
Surf safely out there!