An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.
Determine target website: The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.
Research popular or high traffic websites.
Impersonate trusted domain: In order to impersonate the trusted domain, the adversary needs to register the BitSquatted URL.
Register the BitSquatted domain.
Wait for a user to visit the domain: Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.
Simply wait for an error in memory to occur, redirecting the user to the malicious domain.
An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets.
Typical Likelihood of Exploit
Methods of Attack
Attacker Skills or Knowledge Required
Skill or Knowledge Level: Low
Adversaries must be able to register DNS hostnames/URL’s.
Solutions and Mitigations
Authenticate all servers and perform redundant checks when using DNS hostnames.
When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.
Depending on the intention of the adversary, a successful BitSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.
More information is available — Please select a different filter.
Page Last Updated or Reviewed:
July 31, 2017
Use of the Common Attack Pattern Enumeration and Classification dictionary and classification taxonomy, and the associated references from this website, are subject to the