Warning: Nasty '.om' Malware Is Lurking And Spreading, So Pay Extra Attention To That URL

Internet users should be warned that typing ".om" instead of ".com" may be the most dangerous and least secure typing mistake they could ever make.

An investigation conducted by the Malware Research and Threat Intelligence team at Endgame, an information security firm, revealed that a typosquatting campaign that uses ".om" affects some of the largest organizations in the world.

The team had identified Netflix as one of the more than 300 popular organizations that were targeted. According to their research, most of these ".om" domains that are related to a majority of popular brands seem to be unregistered.

Users know well that a typo in a URL usually just sends them to a page other than their intended site. Visiting URLs with the ".om" domain, however, can bring them to a Web page that is filled with advertisements, offers enticing surveys that promise free electronics when completed, or uses scareware tactics that claim to care about the user's security and encourage them to download antivirus software. Once that software is downloaded and installed, the user is bound to receive more headaches and annoying ads.

"If the bad actor does his job well, a significant number of users mistype the intended domain in the expected way, and those unfortunate enough to hit 'Enter' will unintentionally head down a dark road on the Web," says Endgame. "The goal of these pages is simply to generate as much advertising revenue as possible for the bad actors while trying to keep naïve users engaged and/or scared in order to keep them clicking more links and prolonging their sessions."

However, going to these pages can have effects that are much worse than what was previously mentioned. A malicious party can use the ".om" domain to spoof a legitimate site in order to gain the user's login details, install back doors on a system, install ransomware, include victims in a botnet, host more malware on victims or even gain remote access.

Some companies are already aware of typosquatting and have included the ".om" domain under their registered addresses. Endgame has identified at least 15 ".om" domains that seem legitimate. These are nextdirect.om, pizzahut.om, papajohns.om, tv.om, panasonic.om, lego.om, twitter.om, marriott.om, icloud.om, bbc.om, entrepreneur.om, hyatt.om, tripadvisor.om, vmall.om and hotwire.om.

Other solutions that companies have used include registering similar Web address names so that users are redirected to their sites even after they have misspelled the addresses. For instance, when users misspell google.com as googel.com or gooogle.com, they are still redirected to the correct Google search page.
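Network defenders can apply the same idea to DNS or proxy logs. The following Python code is an added example, not from Endgame or the original article: it flags requests to ".om" hosts that shadow a watched ".com" brand while skipping the 15 ".om" domains listed above as legitimate. The watchlist, the log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# The 15 ".om" domains the article lists as appearing legitimate.
KNOWN_LEGIT_OM = {
    "nextdirect.om", "pizzahut.om", "papajohns.om", "tv.om", "panasonic.om",
    "lego.om", "twitter.om", "marriott.om", "icloud.om", "bbc.om",
    "entrepreneur.om", "hyatt.om", "tripadvisor.om", "vmall.om", "hotwire.om",
}
# Constructed watchlist (assumption): ".com" sites your users actually visit.
WATCHED_COM = {"netflix.com", "google.com", "twitter.com"}
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def host_of(entry):
    """Accept a bare host or a full URL; return the host, lowercased, no port or trailing dot."""
    entry = entry.strip()
    try:
        parts = urlsplit(entry if _SCHEME.match(entry) else "//" + entry)
    except ValueError:                      # malformed entry, e.g. broken IPv6 brackets
        return ""
    return (parts.hostname or "").rstrip(".").lower()

def om_typosquat_of(host):
    """Return the watched ".com" domain that this ".om" host shadows, else None."""
    labels = host.split(".")
    if len(labels) < 2 or labels[-1] != "om":
        return None
    if ".".join(labels[-2:]) in KNOWN_LEGIT_OM:   # brand-owned per the article
        return None
    intended = labels[-2] + ".com"                # netflix.om -> netflix.com
    return intended if intended in WATCHED_COM else None

def scan(log_lines):
    """Assumed log format: '<timestamp> <client> <url-or-host>'. Returns flagged requests."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 3:
            host = host_of(fields[-1])
            intended = om_typosquat_of(host)
            if intended:
                hits.append((fields[1], host, intended))
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2016-03-14T09:12:01Z 10.0.0.12 http://www.netflix.om/browse",
    "2016-03-14T09:12:07Z 10.0.0.31 https://twitter.om/",
    "2016-03-14T09:13:44Z 10.0.0.12 netflix.com",
    "2016-03-14T09:15:02Z 10.0.0.47 GOOGLE.OM.",
]
if __name__ == "__main__":
    for client, host, intended in scan(SAMPLE_LOG):
        print(f"{client} requested {host} (likely meant {intended})")
```

Names under ".com.om" are not flagged, because the label before ".om" is then "com" rather than a brand.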

For users who know they have the nasty habit of making a typo whenever they type a URL, it would be wise to be really cautious so as not to fall into the typosquatters' trap. As the ".om" suffixes seem to be on the rise, the repercussions of committing what looks like a simple typing error can be one's ultimate Web horror.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.