1. Technical Field
Embodiments of the present invention generally relate to computer network security systems and, more particularly, to a method and apparatus for securing computer systems from domain name abuse.
2. Description of the Related Art
Over the last few decades, a large percentage of the world's population has incorporated the Internet into their daily lives. Many business and personal transactions occur on the Internet. Many businesses have created Internet websites as an integral part of their marketing efforts to inform consumers of the products or services offered by the businesses and to provide other information seeking to engender brand loyalty. These websites further allow Internet users to shop online. The Internet has become increasingly popular as a medium for commercial transactions.
Fraudsters, for example spammers, phishers and hackers, employ different techniques to disrupt operations at an Internet user's computer by acquiring confidential information from the computer. For example, fraudsters entice Internet users to navigate to fraudulent websites that resemble legitimate websites in order to obtain confidential information, for example, passwords and/or financial account information.
Fraudsters may exploit various visual characteristics of the real domain names of legitimate websites to mask the domain names of fraudulent websites and thus avoid detection. For example, similarities between letters or groups of letters are used to disguise the domain name of the fraudulent website. The hacker or fraudster may register a domain name for the fraudulent website that looks just like that of the legitimate website, but in which some of the letters have been replaced by homographs from another alphabet. The fraudster may then send messages that purport to come from the original legitimate website but direct Internet users to the fraudulent website. The fraudulent website then records information such as passwords, account details and other private and personal data of the Internet user. Internet users may never notice the difference until suspicious or criminal activity occurs with their accounts. For example, the string ‘w’ resembles the string ‘vv’. An Internet user may not notice such a subtle difference and may click on a link for ‘www.vvellsfargo.com’ by accident. Sometimes, punctuation marks in the domain name may also be detected.
Current spam and phish detection techniques may not operate properly if look-alike characters are used. For example, such a detection technique may not recognize the string of characters ‘vvellsfargo.com’ as a fraudulent imitation of the real domain name ‘wellsfargo.com’ and therefore does not block emails or web pages containing such a string. As a result, confidential information is captured by the fraudulent website, and misuse or theft (e.g., illegal money transfer by the fraudster from bank account websites) may occur.
Accordingly, there is a need in the art for a method and apparatus for identifying domain name abuse to support web-based fraud detection and computer security.
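The detection gap described above can be shown with a short added example, which is not part of the original text and is not the method this document goes on to describe: a literal string check misses ‘www.vvellsfargo.com’, while a check that first folds look-alike sequences to the character they imitate flags it. The look-alike table, the watch list and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed look-alike table (an assumption for this example, not exhaustive).
# Each key is a character sequence that can pass visually for its value.
CONFUSABLES = {
    "vv": "w", "rn": "m", "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
}
PROTECTED = {"wellsfargo.com"}  # constructed watch list of real domain names


def normalize(host: str) -> str:
    """Lower-case, decode punycode labels, drop a trailing dot and a leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")  # xn-- labels become Unicode
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: keep the name as given
    host = unicodedata.normalize("NFKC", host)
    return host[4:] if host.startswith("www.") else host


def skeleton(host: str) -> str:
    """Fold every look-alike sequence to the character it imitates, longest first."""
    s = normalize(host)
    for seq in sorted(CONFUSABLES, key=len, reverse=True):
        s = s.replace(seq, CONFUSABLES[seq])
    return s


# Protected names are folded the same way so both sides compare like with like.
SKELETONS = {skeleton(d): d for d in PROTECTED}


def naive_flags(host: str) -> bool:
    """Literal matching: flags a host that contains a protected name but is not it."""
    h = host.lower()
    return any(d.split(".")[0] in h and not h.endswith(d) for d in PROTECTED)


def classify(host: str):
    """Return (verdict, imitated_domain_or_None) for one host name."""
    plain = normalize(host)
    if plain in PROTECTED:
        return ("legitimate", plain)
    target = SKELETONS.get(skeleton(host))
    return ("lookalike", target) if target else ("unrelated", None)
```

Because folding is applied to both sides, a legitimate name whose folded form collides with a protected name is also reported, so a verdict of "lookalike" is a signal for review rather than proof of fraud.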