McAfee’s 3rd Annual “Mapping the Mal Web” report highlights the top-level domains with the most road hazards.
Like the auto industry, the Internet wasn’t designed with seatbelts and airbags. It took years and some determined people to get the auto industry to make safety changes. McAfee’s latest report highlights why so many security vendors are offering add-on safety features to protect your browsing experience. In today’s Web, attackers are poking holes in legitimate websites to set up drive-by downloads, typosquatters are waiting for someone’s fat fingers to mistype a URL, and many are using search engine optimization to get their mischievous sites listed prominently in search results.
McAfee uses its TrustSource Web reputation system to analyze Web content, traffic patterns and site behavior. It combines the data with information it collects from users of its SiteAdvisor browsing software. It looked at 104 of the world’s 280 top-level domains. Its latest 2009 Mapping the Mal Web (pdf) rankings are based on tests of more than 27,002,629 domain ratings. The following are the top 5 riskiest domains according to the analysis.
Cameroon (.cm): No doubt typosquatters are sitting on a goldmine if they can find an active, or even semiactive .cm domain. Think about how many times a person’s lazy fingers accidentally miss a letter in a URL. In this case, not only could you be taken to a malicious Web page, but if it’s convincing enough, some users may fail to recognize their typing mistake. According to McAfee, registered sites using .cm tend to be for malicious download activity rather than email or phishing. It’s all about adware and spyware galore here.
Commercial (.com): Obviously the road most heavily traveled will likely have the most potholes. Because .com is the most heavily traveled, it’s also the most closely watched by security teams. Malicious .com sites are reported quickly by those who stumble upon them in search engine results or by mistyping a URL. Thumbs up to Google, which automates the process of scanning for potentially dangerous sites. Its system flags sites that it detects may be infected with malware. While some active webmasters get frustrated if their site gets misidentified, Google has a remediation process. Often the problem is detected in malicious display ads, Google says.
People’s Republic of China (.cn): Ah China. I’m seeing red and lots of it here. China is often cast out as the place where all evil cyberattacks originate, but it’s probably better described as a train depot or switching station where malicious code flows through before ending up on grandma’s computer. The good news is that most of the risky activity using the .cn domain is spam, not malicious downloads, according to McAfee. Still, the People’s Republic of China is the riskiest domain in all of Asia. It took me less than a minute to find a .cn domain pushing out rogue antivirus. Not surprisingly here, Japan (.jp) is the safest in the region.
Samoa (.ws): When I was growing up, I used to see the Wild Samoans, Afa and Sika, practicing their wrestling moves in a ring in their driveway. The 1980s rocked. Despite all those leg drops and death locks, those guys had class, but unfortunately, many of the .ws domains are lacking in that department. Samoa has a high ratio of risky domains connected to phishing and malicious downloads. Maybe Afa and Sika can send a tag team to Samoa and take on some of those registrars.
Information (.info): Please. Who dials 411 anymore? Well, apparently many spammers are parking themselves in this domain hoping people land here. According to McAfee, .info is the riskiest email top-level domain, with 17.2% of sites with sign-ups resulting in unwanted email.