Something Wicked This Way .coms: this sure seems like a big hole in the web
Here's the TL;DR of an earlier post: I accidentally mistyped a domain name configuration value while updating a website and found what I feel is a phishing op. If you take any .com domain, and add a second.com to the end (I do NOT recommend actually trying this unless you know what you are doing) you will see what appears to be a typo phishing operation.
My question: is this well known? Because I've never seen it written up before when I peruse web security stuff. For the full write-up of my experience and an associated screenshot check out: http://www.oldirtyhacker.com/something-wicked-this-way-coms
4 comments
[ 4.2 ms ] story [ 15.0 ms ] threadhttps://isc.sans.edu/diary/.COM.COM+Used+For+Malicious+Typo+...
https://www.whitehatsec.com/blog/why-com-com-should-scare-yo...
Seems like this has been going on for a while...
It's not a hole in the web any more than people accidentally typing "fcaebook.com" is a hole in the web. It's just someone exploiting user error, not unlike domain squatting. If you hit "CTRL+ENTER" in most browsers' address bars, they used to blindly append ".com" onto the domain name. If you typed "facebook.com" and then hit CTRL+ENTER, you'd get to facebook.com.com. As far as I know, all browsers have fixed that.
This isn't actually phishing (as far as I know) because it's not trying to trick you into thinking you've gone to the correct website. It's just a malware distribution page.
I believe OpenDNS also blocks this, for the record.
My characterization of it being a 'hole' was more on the order of 'how could a typo-squat on such a valuable domain name be allowed to continue?'