ISP Typo Squatting Could Prove Useful

My typing skills leave much to be desired. I remember the first time I made a typo in a domain name and it didn’t give me an “Address Not Found”. Instead, I was forwarded to what appeared to be a Yahoo portal. I wasn’t pleased when I discovered this. I felt that it was wrong for my ISP to break protocol and send me to advertisements. Additionally, security experts like Dan Kaminsky and others have rightfully sounded the alarm. Real-world attacks have taken place, and I’m still uneasy with the technology. So what’s with the title of this post?

Botnets are now using dynamic domain generation schemes. Researchers can sometimes register a few domains to gain control of parts of a botnet. But researchers and AV can’t register all the possibilities. Typosquatting technologies such as Paxfire could be leveraged to get between the victims and the C&C. Such a tool could enable PC owners to be notified of an infection and give statistical information on the size and location of the botnet. Other fun could of course be had, but before broaching hijacking and/or DPI I’ll see how this is received. Worst case, ISPs could resell an opt-in service for a small fee (or even free) to maintain a list of all botnet domains and protect their users.
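
As an added illustration (not code from the original post or from any ISP product), here is a sketch of how a resolver operator could separate clients cycling through generated domain names from clients making ordinary typos, using only the NXDOMAIN responses it already sees. The log format, thresholds, client addresses and domain names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log: "<client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 gogle.example NXDOMAIN
10.0.0.5 www.portal.example NOERROR
10.0.0.7 xkqjzvbwplrt.example NXDOMAIN
10.0.0.7 qzmfhwtyxbvk.example NXDOMAIN
10.0.0.7 bvnxrqkdjwpz.example NXDOMAIN
10.0.0.7 wjtzkqpxvmhd.example NXDOMAIN
10.0.0.9 exmaple.example NXDOMAIN
10.0.0.9 yahooo.example NXDOMAIN
10.0.0.12 pfzkxwqvjmtb.example NXDOMAIN
10.0.0.12 hqvzjxkwbtmr.example NXDOMAIN
10.0.0.12 tmwkzqxjvbph.example NXDOMAIN
"""

def label_entropy(name):
    """Shannon entropy (bits per character) of the left-most DNS label."""
    label = name.lower().rstrip(".").split(".")[0]
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def suspected_dga_clients(log_text, min_names=3, min_entropy=3.0):
    """Return {client: sorted names} for clients that failed to resolve at
    least `min_names` distinct random-looking names.

    Both thresholds are assumed values; entropy alone is a rough heuristic,
    so the distinct-name count is what keeps one-off typos from being flagged.
    """
    per_client = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        if rcode == "NXDOMAIN" and label_entropy(name) >= min_entropy:
            per_client[client].add(name.lower())
    return {c: sorted(n) for c, n in per_client.items() if len(n) >= min_names}

if __name__ == "__main__":
    flagged = suspected_dga_clients(SAMPLE_LOG)
    print(f"{len(flagged)} client(s) to notify")
    for client, names in flagged.items():
        print(client, names)
```

The number of flagged clients is the resolver's local view of the botnet's size, and the flagged addresses are the subscribers who would receive an infection notice.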
