It’s bad enough, as an individual, to discover that the domain name you wanted has been snapped up by some corporate pirate looking to make a mighty profit by sitting on it and selling it on. It is even worse when these cyber-squatters snap up a domain you had been using but somehow managed to let lapse by not renewing the registration in time. However, the problem gets a whole lot more complicated when you are a corporate whose brand and business is being devalued by a typo-squatter.

Type-squatting is, as the name suggests, the practice of using the misspelling (or a variation) of a domain name in order to drive legitimate traffic away from the intended destination and onto what could be either a pay-per-click ad farm, porn site or even a phishing expedition for your clients personal and financial data or, indeed, their custom.

Microsoft has decided that enough is enough, and amid claims that thousands of such domains are registered every day with the single aim of profiting from the intellectual property that is a corporate trademark, has started to fight back. It is taking legal action against 324 domains, owned and operated by four individuals and companies, in the first batch of filings. Seeking injunctions, damages and forfeiture of the domains in question, Microsoft means business. Microsoft attorney Aaron Kornblum, along with Microsoft Trademark and Internet Safety Enforcement, says that there has been a surge in domains illegally containing the Microsoft trademark, comparing it to a ‘virtual land rush.’ He has a point; independent analysts who monitor such markets reckon that domain registrations using the Microsoft trademark average 2000 per day, and 75% of those are by domain name holding companies. This despite such actions being clearly illegal under the 1999 US Anticybersquatting Consumer Protection Act when there is bad faith intent to profit from that trademark.

Helping Microsoft to track down the offenders is the in-house developed Strider URL Tracer application that, in a spirit of helpfulness, is also available as a free download for any company wanting to reveal potentially infringing domains. Parents might also want to take a look as Strider will block typo-squatting domains that target legitimate kids web sites with adult ad server farms.

For once, I find myself in the strange position of saying well done Microsoft. With no reservations…

About the Author

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Indeed well done. Those squatters are no better than the domain hijackers who register domains in the names of celebrities in the hope of extorting money with threats to sell to porn operators (for example) or squatters buying expiring domains before the holder has a chance to renew the registration and than extort money to allow companies to get their own website back.

Good for microsoft, these 'squatters' get on my nerves, do you think they could go after link farms next :D