Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

80% Of "Olympic" Domains Are Scams And Spam

August 03, 2012 - 3 min read
Today we looked at all identified domains containing the string "olympics", which had been accessed by our customers over the course of a day. It turns out that 80% of them are scams or spam and they can be classified into three main categories.

Typo squatting

Spammers can take advantage of users making mistakes when typing a domain name directly into the browser address bar by purchasing domain names close to their intended target - for example: gooogle.com (3 letter o's) or gogle.com (1 letter o) for google.com, yaho.com or yaoo.com for yahoo.com, etc.

The main target of typo squatting in the US is the official NBC site for the Olympics: nbcolympics.com. Here are the domains that capitalize on user mistakes:
  • cnbcolympics.com (extra c)
  • nbcolympic.com (missing s in olympics)
  • wwwnbcolympics.com (missing dot between www and nbcolympics.com)
  • msnolympics.com (msn instead on nbc)
  • nbolympics.com (missing c in nbc)
  • nbcolympics.org (.org instead of .com)
  • nnbcolympics.com (2 n's in nbc)
  • mbcolympics.com (m instead of n in nbc)
  • ncbolympics.com (c and b inverted in nbc)
These domains are mostly parked. They are covered with advertising in the hope that users will click on one of those links since there is no useful content on the page.

Domain names cost only about $10 and hosting can be free, so this can an effective way to make some money with a minimal initial investment.

"TV on PC" scam

Scams for receiving Cable/Satellite TV on a PC for a very low monthly fee are not new. Scammers are taking advantage of the Olympics to attract people who are ready to spend a few bucks to watch the games in real time.

Numerous pages, mostly parked on free hosting sites are created to redirect users to the TV scams. These redirection pages may be designed as reviews from users promoting the scam, or simple HTTP redirection scripts with no content actually displayed to the victim.

This technique is used by the largest number of "olympics" domains:
  • londonolympics2012livestream1.webspawner.com
  • london2012olympicslivestreamfreeonline.webspawner.com
  • londonolympic2012tv.com
  • olympics2012onipad.com
  • watch2012olympicsonline.puzl.com
  • olympics.gamelivehd.com
  • londonolympics.chuckduck.info
  • watcholympics2012live.com
  • watchsummerolympics.com
  • watch-olympics-online.info
  • olympicstv.trueonlinetv.com
  • watcholympicslivestreams.us
  • olympic2012.livetelecast.us
  • olympics2012london.tk
  • olympic2012.onlinepremiumtv.com
  • olympics2012live.onlinestreamingfree.net
  • londonolympic.info
  • london2012olympicslivestream.sitew.com
  • olympicgames2012livestream.sitew.com
  • watcholympics2012-openingceremonyonlinefree.sitew.com
  • olympics2012lives.sitew.com
TV scam after redirection: satellitedirect.com

"Made for Adsense" sites

"Made for Adsense" (MfA) sites are highly targeted websites that drive web traffic from search engines. They contain enough content to get listed in search engine results for as a specific query. They contain a lot of ads and encourage users click on them in order to get to some of the more interesting content. MfA sites typically have very few pages.

 Here are some examples related to the Olympic games:
  • olympicstable.com
  • 2012-london-olympics-news.com 
  • olympic-games-2012-london.com
  • olympicsgames.com
  • olympicgames2012.com
  • nbcolympica.com
  • olympiczone.com
More ads than content: 2012-london-olympics-news.com

We've seen a few other scams - mostly old tricks revisited to fit the Olympic games.
  • software to see the Olympic games that is actually spyware/adware: streamolympicsonline.com
  • survey scams: olympics2012videoclips.vidrr.net
I guess the good news is that most of the scams are targeting 'low hanging fruit' and don't involve sophisticated exploits.
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.