By: Julien Sobrier

80% Of "Olympic" Domains Are Scams And Spam

Phishing

Today we looked at all identified domains containing the string "olympics", which had been accessed by our customers over the course of a day. It turns out that 80% of them are scams or spam and they can be classified into three main categories.

Typo squatting

Spammers can take advantage of users making mistakes when typing a domain name directly into the browser address bar by purchasing domain names close to their intended target - for example: gooogle.com (3 letter o's) or gogle.com (1 letter o) for google.com, yaho.com or yaoo.com for yahoo.com, etc.

The main target of typo squatting in the US is the official NBC site for the Olympics: nbcolympics.com. Here are the domains that capitalize on user mistakes:
  • cnbcolympics.com (extra c)
  • nbcolympic.com (missing s in olympics)
  • wwwnbcolympics.com (missing dot between www and nbcolympics.com)
  • msnolympics.com (msn instead of nbc)
  • nbolympics.com (missing c in nbc)
  • nbcolympics.org (.org instead of .com)
  • nnbcolympics.com (2 n's in nbc)
  • mbcolympics.com (m instead of n in nbc)
  • ncbolympics.com (c and b inverted in nbc)
These domains are mostly parked. They are covered with advertising in the hope that users will click on one of those links since there is no useful content on the page.

[Screenshot: cnbcolympics.com]

Domain names cost only about $10 and hosting can be free, so this can be an effective way to make some money with a minimal initial investment.
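
For defenders reviewing proxy or DNS logs, the annotations in the list above map onto a simple edit-distance check. The following is an added example, not code from the original post: it labels each observed domain with the kind of single-edit lookalike it is relative to nbcolympics.com. The function names, the labels and the assumption of a single-label TLD are illustrative choices.

```python
PROTECTED = "nbcolympics.com"  # official site named in the article

# Sample input: the domains listed above, plus the official site and one unrelated name.
OBSERVED = [
    "nbcolympics.com", "cnbcolympics.com", "nbcolympic.com", "wwwnbcolympics.com",
    "msnolympics.com", "nbolympics.com", "nbcolympics.org", "nnbcolympics.com",
    "mbcolympics.com", "ncbolympics.com", "olympics.gamelivehd.com",
]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(observed, protected=PROTECTED):
    """Return the kind of single-edit lookalike, "legitimate", or None if not a match."""
    obs = observed.lower().rstrip(".")
    if obs == protected:
        return "legitimate"
    label, _, tld = protected.rpartition(".")  # assumes a single-label TLD
    o_label, _, o_tld = obs.rpartition(".")
    if o_label == label:
        return "tld-swap"
    if o_tld != tld:
        return None
    if o_label == "www" + label:
        return "missing-dot"
    if osa_distance(o_label, label) != 1:
        return None  # e.g. msnolympics.com: a brand swap, three edits away
    if len(o_label) != len(label):
        return "insertion" if len(o_label) > len(label) else "deletion"
    diffs = sum(x != y for x, y in zip(o_label, label))
    return "substitution" if diffs == 1 else "transposition"

def triage(domains):
    """Map each observed domain to its classification."""
    return {d: classify(d) for d in domains}

if __name__ == "__main__":
    for domain, kind in triage(OBSERVED).items():
        print(f"{domain:28} {kind}")
```

Note that msnolympics.com is not flagged: swapping one brand for another is three edits away, so catching it needs a keyword or brand-list rule in addition to edit distance.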

"TV on PC" scam

Scams for receiving Cable/Satellite TV on a PC for a very low monthly fee are not new. Scammers are taking advantage of the Olympics to attract people who are ready to spend a few bucks to watch the games in real time.

Numerous pages, mostly parked on free hosting sites, are created to redirect users to the TV scams. These redirection pages may be designed as reviews from users promoting the scam, or as simple HTTP redirection scripts with no content actually displayed to the victim.

This technique is used by the largest number of "olympics" domains:
  • londonolympics2012livestream1.webspawner.com
  • london2012olympicslivestreamfreeonline.webspawner.com
  • londonolympic2012tv.com
  • olympics2012onipad.com
  • watch2012olympicsonline.puzl.com
  • olympics.gamelivehd.com
  • londonolympics.chuckduck.info
  • watcholympics2012live.com
  • watchsummerolympics.com
  • watch-olympics-online.info
  • olympicstv.trueonlinetv.com
  • watcholympicslivestreams.us
  • olympic2012.livetelecast.us
  • olympics2012london.tk
  • olympic2012.onlinepremiumtv.com
  • olympics2012live.onlinestreamingfree.net
  • londonolympic.info
  • london2012olympicslivestream.sitew.com
  • olympicgames2012livestream.sitew.com
  • watcholympics2012-openingceremonyonlinefree.sitew.com
  • olympics2012lives.sitew.com

[Screenshot: londonolympics2012livestream1.webspawner.com]
[Screenshot: TV scam after redirection: satellitedirect.com]

"Made for Adsense" sites

"Made for Adsense" (MfA) sites are highly targeted websites that drive web traffic from search engines. They contain enough content to get listed in search engine results for a specific query. They contain a lot of ads and encourage users to click on them in order to get to some of the more interesting content. MfA sites typically have very few pages.

Here are some examples related to the Olympic games:
  • olympicstable.com
  • 2012-london-olympics-news.com 
  • olympic-games-2012-london.com
  • olympicsgames.com
  • olympicgames2012.com
  • nbcolympica.com
  • olympiczone.com

[Screenshot: More ads than content: 2012-london-olympics-news.com]

We've seen a few other scams - mostly old tricks revisited to fit the Olympic games.
  • software to see the Olympic games that is actually spyware/adware: streamolympicsonline.com
  • survey scams: olympics2012videoclips.vidrr.net
I guess the good news is that most of the scams are targeting 'low hanging fruit' and don't involve sophisticated exploits.
