Doppelganger domain

A doppelganger domain is a domain that is spelled identically to a legitimate fully qualified domain name (FQDN) but missing the dot between host/subdomain and domain, to be used for malicious purposes.

Overview

attack vector is through the web to distribute malware or harvest credentials. Other vectors such as email and remote access services such as SSH, RDP, and VPN also can be leveraged. In a whitepaper by Godai Group on doppelganger domains, they demonstrated that numerous emails can be harvested without anyone noticing.^[1]

Example

For email address "ktrout@finance.corpudyne.com", the doppelganger domain would be "financecorpudyne.com"; hence, an email accidentally addressed to "[email protected]" (i.e. with the dot between "finance" and "corpudyne" having accidentally been omitted) would go to the doppelganger domain rather than to the legitimate user.

References

^ "Doppelganger Domain whitepaper". Godai Group. 6 Sep 2011.

External links

"Researchers' Typosquatting Stole 20 GB of E-Mail From Fortune 500". Wired. 8 Sep 2011.
"Bad spelling opens up security loophole". BBC. 12 Sep 2011.

This Internet-related article is a stub. You can help Wikipedia by expanding it.

This malware-related article is a stub. You can help Wikipedia by expanding it.

[1] "Doppelganger Domain whitepaper". Godai Group. 6 Sep 2011.

[1]

v t e Domain name parking
General	Reverse domain hijacking Cybersquatting Domain name drop list Domain name speculation Domain sniping Domain parking Domain tasting Domain name warehousing Doppelganger domain Type-in traffic Typosquatting Domain name front running Drop registrar
Legal	Uniform Domain-Name Dispute-Resolution Policy Anticybersquatting Consumer Protection Act (Trademark Cyberpiracy Prevention Act) PROTECT Act of 2003
Technical	Domain hack Wildcard DNS record Fast flux

Overview

Example

See also

References

External links