More than half of the typo-driven URLs for Facebook are maliciousby Steve Ragan - Oct 26 2011, 14:40
Websense, the security vendor who manages the link scanning service for social networking giant Facebook, recently examined the destination for users who make common typing errors when entering Facebook.com. The results were not pretty.
Websense Labs conducted their test, by starting with Facebook.com, and then generated common typos based on keyboard character distance, common repeats, and even omissions.
As expected, many typos correctly resolved, pushing fat-finger typists to the Facebook’s main domain. This is a common practice for many major brands on the Web.
Other typos simply failed to resolve at all, resulting in 404 errors. This means page not found if you’re unfamiliar. After correct resolutions and 404s however, Websense discovered that more than half of the typos - some 62-percent of them - resolved to either a Botnet, Phishing page, or other malicious website.
“Typosquatting exploits common typing errors made when entering a Web address in a browser...,” Websense explains.
“Popular social networking sites, like Facebook, are often targets of Typosquatting. With over 800 million active users, it’s no surprise the social networking giant is a target of such exploits.”
As part of the link scanning service offered to Facebook, Websense will flag typo-domains when posted to timelines and walls. Previous coverage on that service is here.