PrepAway - Latest Free Exam Questions & Answers

Which of the following would BEST describe this type of attack?

A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The
business has an established relationship with an organization using the URL of www.company.com but
not with the site that has been causing the infections. Which of the following would BEST describe this
type of attack?


A. Typo squatting

B. Session hijacking

C. Cross-site scripting

D. Spear phishing

Explanation:
Typosquatting, also called URL hijacking or fake URL, is a form of cybersquatting (and possibly brandjacking)
which relies on mistakes such as typographical errors made by Internet users when entering a website
address into a web browser. Should a user accidentally enter an incorrect website address, they may be
led to any URL, including an alternative website owned by a cybersquatter.

The typosquatter's URL will usually be one of four kinds, all similar to the victim site address
(in the following, the intended website is "example.com"):

A common misspelling, or foreign-language spelling, of the intended site: exemple.com
A misspelling based on typing errors: xample.com or examlpe.com
A differently phrased domain name: examples.com
A different top-level domain: example.org

Once on the typosquatter's site, the user may also be tricked into thinking that they are in fact on the real
site, through the use of copied or similar logos, website layouts or content.
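The four kinds of lookalike listed above can be turned into a defensive check: given the domain the business actually has a relationship with, classify hostnames seen in proxy or DNS logs as one of those kinds. This is an added example, not part of the exam explanation; the hostnames in the scan are constructed, and the category thresholds (edit distance of at most 2) are an assumption.

```python
def _registrable(host):
    """Lower-case, drop a leading 'www.' and split into (second-level label, TLD)."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    sld, _, tld = host.rpartition(".")
    return sld, tld

def _levenshtein(a, b):
    """Plain edit distance (insert/delete/substitute), iterative row-by-row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _is_adjacent_swap(a, b):
    """True when a and b differ only by one pair of neighbouring characters swapped."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def classify_lookalike(observed, legitimate):
    """Return which of the four kinds `observed` is relative to `legitimate`, or None."""
    o_sld, o_tld = _registrable(observed)
    l_sld, l_tld = _registrable(legitimate)
    if (o_sld, o_tld) == (l_sld, l_tld):
        return None                                  # the genuine domain itself
    if o_sld == l_sld:
        return "different top-level domain"          # example.org
    if o_tld != l_tld:
        return None                                  # keep the check conservative
    if _is_adjacent_swap(o_sld, l_sld) or (
            len(o_sld) == len(l_sld) - 1 and _levenshtein(o_sld, l_sld) == 1):
        return "typing error"                        # examlpe.com, xample.com
    if l_sld in o_sld:
        return "differently phrased domain name"     # examples.com
    if _levenshtein(o_sld, l_sld) <= 2:              # assumed threshold
        return "common misspelling"                  # exemple.com
    return None

def flag_hosts(hosts, legitimate):
    """Scan a list of logged hostnames; return {host: kind} for every lookalike found."""
    return {h: k for h in hosts if (k := classify_lookalike(h, legitimate))}

# Constructed sample of hostnames as they might appear in a web-proxy log.
SAMPLE_HOSTS = ["www.company.com", "www.compnay.com", "cdn.vendor.net", "company.org"]
```

Running `flag_hosts(SAMPLE_HOSTS, "www.company.com")` reports www.compnay.com as a typing error (the transposition in the question) and company.org as a different top-level domain.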
Incorrect Answers:
B: In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of
a valid computer session (sometimes also called a session key) to gain unauthorized access to
information or services in a computer system. In particular, it is used to refer to the theft of a magic
cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as
the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using
an intermediary computer or with access to the saved cookies on the victim's computer. In this question,
the users went to www.compnay.com instead of www.company.com. Therefore, this is not a case of
hijacking a valid session; it is a case of users going to the wrong URL.

C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web
applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems
on which they rely. Exploiting one of these, attackers fold malicious content into the content being
delivered from the compromised site. When the resulting combined content arrives at the client-side web
browser, it has all been delivered from the trusted source, and thus operates under the permissions
granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain
elevated access privileges to sensitive page content, session cookies, and a variety of other information
maintained by the browser on behalf of the user. The question is not describing an XSS attack.

D: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking
unauthorized access to confidential data. As with the e-mail messages used in regular phishing
expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually
appear to come from a large and well-known company or Web site with a broad membership base, such
as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be
an individual within the recipient's own company and generally someone in a position of authority. The
attack described in the question is not an example of spear phishing.

http://en.wikipedia.org/wiki/Typosquatting
http://en.wikipedia.org/wiki/Session_hijacking
http://searchsecurity.techtarget.com/definition/spear-phishing
