Last Updated: 2011-12-12 23:21:39 UTC
by Daniel Wesemann (Version: 3)
Earlier today, SANS ISC reader Matthew reported one of his users stumbling over an odd "Click here to win your prize" page. We are still investigating the full contents, but it looks like several misspellings of wikipedia are used in this scam, in addition to many other domains.
wikipeida-org, wikepedia-org, wictionary-org, wikpedia-com, wikispaces-cm are all domains with a typo that redirect visitors to a "you won a prize" page. The result currently looks like the screenshot below
(a) PERSONAL INFORMATION. We will share any and all personal information you submit to our Company with third parties who may have products or services you will find of interest. We will share your information without your additional consent. We may also use your personal information to verify your identity, to check your qualifications, or to follow up with transactions initiated on the Site. We may also use your contact information to inform you of any changes to the Site, or to send you additional information about us. If you give your permission during the account registration process, we may share your information with our business partners or other companies so that they may send you promotional materials. By giving your permission during the account registration process, you expressly consent to receive such promotional materials from us and/or our business partners or other companies via various media channels, which includes, but is not limited to, SMS messaging (standard carrier text messaging charges will apply).
Be careful what you wish for .. this free iPad comes with plenty strings attached!
Update: Other prominent typo domains affected include youtrube-com, youotube-com, youzube-com. RUS-CERT's passive DNS has a long list of domains pointing to the same IP: http://www.bfk.de/bfk_dnslogger.html?query=18.104.22.168#result