Author(s): Thomas Vissers, Wouter Joosenand, Nick Nikiforakisy

Download: Paper (PDF)

Date: 8 Feb 2015

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2015

Abstract:

A parked domain is a domain which has no content other than automatically computed advertising banners and links. Despite the popularity of this practice, little is known about parked domains and domain parking services that assist domain owners in parking and monetizing their unused domains. In this paper, we explore the ecosystem of domain parking services from a security point of view, focusing mostly on everyday users who land on parked pages. By collecting data from over 8 million parked domains, we are able to map out the entities that build up the ecosystem and analyze the domain owners, parking services and advertisement syndicators involved. Furthermore, we show that users who land on parked websites are exposed to malware, inappropriate content, and elaborate scams, such as fake antivirus warnings and costly remote “technicians”. At the same time, we find a significant number of parked domains to be abusing popular names and trademarks through typosquatting and domain names confusingly similar to authoritative ones. Given the extent of observed abuse, we propose a set of features that are representative of parked pages and build a robust client-side classifier which achieves high accuracy with a negligible percentage of false positives.