A common technique used to entice Internet users to visit certain web sites or disclose information is to present the users with a universal resource locator (URL) that the user is encouraged to access. For example, while surfing the Internet, pop-up advertisements, unsolicited e-mails, or links to certain web sites may be presented to the user. The web site links or pop-up advertisements presented to the user in this manner often appear to be a web site with which the user already has familiarity. In some instances, these web sites are deceptively chosen by an attacker who wishes the user to visit a different web site than the one presented.
For example, a typical form of deceptive attacks includes presenting a URL that appears to contain a certain domain name (e.g., www.microsoft.com), but actually includes a different host name for which the domain name presented is only a parameter (e.g., www.microsoft.com@foo.com). Another example of this type of attack uses host names that are deceptively similar to other popular and known host names. For example, a user may be presented with a URL for www.1BM.com, where the host name appears deceptively similar to www.IBM.com (in fact, the deceptive web site has the number “1” instead of the letter “I”).
A possible solution to prevent deceptively similar domain names is to buy all the domain names that appear similar to a particular domain name in order to prevent the purchase of the similar domain names by an attacker. For example, a company may decide to buy all the domain names that may be easily confused with the company's actual domain names. However, the domain name system is currently being upgraded to support international characters based on the Unicode/ISO 10646 standard character sets, so the number of deceptively similar characters will be increasing. Therefore, the possibility of a particular company buying all the deceptively similar web sites to protect the company's own domain name is no longer feasible. Additionally, when legitimate domain names contain characters outside of the US/Western Europe character sets, the scope of possible attacks becomes much greater.
Another conventional method to prevent such an attack is to use Secure Socket Layer (SSL) certificates. SSL is a protocol that relies upon a mutually trusted certificate authority (CA) to ensure secure transactions between web servers and web browsers. Typically, a browser requests a secure web page and the corresponding web server sends the browser the public key in the certificate associated with that web server. Subsequently, the browser checks to ensure that the certificate was issued from a trusted party (i.e., a root CA) and that the certificate is related to the actual web site contacted by the browser. At this point, the web server uses both the public key and a private key, and the web browser uses the public key to transfer data securely.
Alternatively, in another common method to prevent these types of attacks, a particular company may register its domain name in a portion of a domain name system where the domain name system includes certain restriction policies that prevent the presence of deceptively similar domain names. For example, some domain name service operators for country domains may restrict domain name registrations to be based on the company name in a national business database. The national business database is typically operated by the government of that particular country.