ICANN warns of front running scam
By Jerome Saiz, Fri, December 21st, 2007
Last edited 2008/01/13
The domain names authority warns of a possible scam when checking domain availability. Malicious operators could be intercepting the requests and buying the domain names first.
Checking the availability of a domain name might be a risky task, according to ICANN. Following complaints by several users, the regulatory body is investigating cases where a domain name check could have been intercepted by a third-party service provider and the name bought pre-emptively.
Called "Front Running", the scam has not yet been proven, but has been strongly suspected for some time by many players in the domain names industry. Special domain tools, web portals and even registries may all be used to check domain availability. Their operators might then monitor the requests and register interesting domains before the requester has a chance to do so.
ICANN insists that there have been no documented attacks yet, but an investigation is underway into two instances of potential Front Running.
Seven methods of snooping on domain name requests were identified by ICANN:
- Client software. Free- and shareware WHOIS client applications, Browser Helper Objects (BHOs), extensions and plug-ins. All can snoop on DNS-related activity on the computer.
- Third-party WHOIS query portals. Any web server can host applications that perform WHOIS queries. Internet users may use such portals to check domain name availability, and their operators can snoop on that usage.
- Unauthorized executables. Email- or web-delivered malicious code snooping on DNS-related activity on the computer.
- DNS operators. Some Internet users query the DNS rather than WHOIS services to determine whether a domain is in use. The operators of such servers may snoop on the requests.
- Registrars (and resellers). Registrars perform domain name availability checks on behalf of customers and visitors to their registration portals or API. They can monitor the requests for their own benefit.
- Registries. Registries that receive checks for the availability of domain names in their TLDs can compare the list of names checked against the list of names not yet registered, and make such a list available to domain name front runners.
Additionally, social engineering is another low-tech but very effective way to learn of someone's intention to acquire a domain name and act before the legitimate party does.
To limit such snooping, users are advised to steer clear of WHOIS websites offering to check domain name availability and, of course, of "Toolbars". A built-in command-line tool like whois (on OS X and *nix systems) is a much better and safer approach to domain name checking, since it removes the third-party portal and client-software vectors, although the query still reaches the registrar or registry WHOIS server, so those vectors in the list above remain.
More about this news: see http://www.icann.org/committees/security/sac022.pdf