Bitsquatting

Bitsquatting is registering domains one bit different from a target domain, exploiting rare memory errors that flip a single bit so a device resolves the wrong, attacker-owned name.

How it works

Computer memory occasionally flips a bit because of hardware faults or cosmic rays. If that bit is part of a domain name being resolved, the device may request a name one character off from the real one. Attackers register those bit-flipped variants and wait to catch the stray traffic, then serve malware or phishing.

Volumes are low per domain, but at internet scale a popular domain generates a steady trickle of misdirected requests.

How it relates to brand impersonation

Bitsquatting is an exotic, technical cousin of typosquatting, and the domains it uses are still lookalikes that monitoring can enumerate and watch.

How nebty helps

nebty can include bit-flip variants of your domain in its monitoring, so even these long-tail lookalikes are visible and available for on-demand takedown.

How a hardware glitch becomes an attack

Bitsquatting exploits something most people never think about: memory is not perfectly reliable. Heat, age, and background radiation occasionally flip a single bit in RAM, and if that bit sits inside a domain name a device is about to resolve, the request goes to a name one character away from the real one. An attacker who registers those one-bit-off variants of a popular domain collects whatever stray traffic the glitches send their way, then serves ads, malware, or a phishing page. Any individual domain sees only a trickle, but a high-traffic name generates a measurable stream. It is a niche technique, but the registered variants are still lookalikes, so the same monitoring that tracks typos can enumerate and watch the bit-flip set for a domain that matters enough to warrant it.
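The enumeration step that such monitoring relies on can be sketched as follows. This is an added example, not nebty's code or anything from the original page: it lists the single-bit-flip variants of a domain's registrable label that are still valid hostnames, then matches them against a list of observed names. The function names and the observed list are hypothetical, and it assumes a name of the form label.suffix, leaving flips in the dot or the suffix out of scope.

```python
import string

# Characters allowed in a hostname label (letters, digits, hyphen).
# DNS names are case-insensitive, so everything is compared in lowercase.
LDH = set(string.ascii_lowercase + string.digits + "-")


def bitflip_variants(domain):
    """Map each valid one-bit-off variant of the first label to the
    (character index, bit number) flips that produce it."""
    label, dot, suffix = domain.lower().rstrip(".").partition(".")
    variants = {}
    for i, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            # Skip flips that leave the name unchanged (case bit) or
            # produce a character that cannot appear in a hostname.
            if flipped == ch or flipped not in LDH:
                continue
            candidate = label[:i] + flipped + label[i + 1:]
            # A label may not begin or end with a hyphen.
            if candidate.startswith("-") or candidate.endswith("-"):
                continue
            variants.setdefault(candidate + dot + suffix, []).append((i, bit))
    return variants


def match_observed(domain, observed):
    """Return the observed names that are bit-flip variants of `domain`,
    with the flip that explains each one."""
    variants = bitflip_variants(domain)
    hits = {}
    for name in observed:
        normalized = name.lower().rstrip(".")
        if normalized in variants:
            hits[normalized] = variants[normalized]
    return hits


# Constructed sample input: names as they might appear in a feed of
# newly registered domains. None of these are real observations.
OBSERVED = ["Exa-ple.com.", "examp1e.com", "uxample.com", "example.org"]

if __name__ == "__main__":
    for name, flips in sorted(match_observed("example.com", OBSERVED).items()):
        print(name, flips)
```

In this sample, `examp1e.com` is a visual lookalike but not a bit-flip variant, because `l` and `1` differ in more than one bit, so it belongs to a typosquatting watchlist rather than this one.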
