Top-level domains (TLDs), aka internet neighborhoods, are similar to real-world addresses in the sense that some are shadier than others. A new look at which addresses offer the most rarified air found that the safest TLD out there is the military-related .mil suffix. And the .London suffix, set up in 2014, is the ninth safest web neighborhood in the world, ranked alongside Japan, Gibraltar and Kuwait in the top 10.
The report, from Blue Coat, found that in contrast, some TLDs are used for the sole purpose of playing host to a large number of scams and spam. In fact, more than 95% of websites in 10 different TLDs are rated as suspicious, with that percentage increasing to 100% for the two highest-ranking TLDs, .zip and .review. Other dangerous web domains include .country, .Mali and .kim.
Blue Coat analyzed hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to determine percentages for spam, botnet activity, phishing, scams and potentially unwanted programs (PUPs). Many of the websites serve up pages that mimic popular video and image sites and prompt unprotected visitors to unwittingly download malware.
Given that web addressing has exploded from the early days of a small number of standard TLDs, such as .com, .net, .edu and .gov, as well as some “country code” domains like .fr (France), and .jp (Japan), the bad guys have a lot more houses to move into.
Between 2013 and 2014, over 600 new TLDs were created and approved. And Blue Coat found that more than 95% of websites in the 10 newest TLDs are suspicious.
“Much has changed since the early days of the internet when the web had only six common top level domains (TLDs),” the report noted. “By June 2015, the count of validly issued TLDs stood at over one thousand. As the number of TLDs has increased, so have the opportunities for attackers. These TLDs, with high numbers of shady sites, can provide fertile ground for malicious activity.”
To reduce risk, businesses should consider blocking traffic that leads to the riskiest TLDs, such as .work, .gq, .science, .kim and .country. Users should also use caution when clicking on any links that contain these TLDs if they encounter them in search results, email or social network environments, and should be wary of redirects from other, legitimate-looking addresses.
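A sketch of how such a block rule can be evaluated, added here as an illustration and not taken from the Blue Coat report: the decision is made on the last label of the parsed hostname, so a path such as `/apply.work` or an inner label such as `country.example.org` does not trigger it. The blocklist is the five TLDs named above; the function names and sample destinations are constructed for this example.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# TLDs the article names as candidates for blocking.
RISKY_TLDS = {"work", "gq", "science", "kim", "country"}

def host_of(target: str) -> Optional[str]:
    """Normalized hostname of a URL or bare host[:port]; None if unparseable."""
    target = target.strip()
    if "://" not in target:
        target = "//" + target  # make urlsplit read a bare host as the netloc
    try:
        host = urlsplit(target).hostname  # lowercased, without userinfo or port
        # Drop the root dot, then convert IDN labels to their ASCII form.
        return host.rstrip(".").encode("idna").decode("ascii") if host else None
    except ValueError:  # malformed URL or invalid IDN label
        return None

def tld_of(host: str) -> Optional[str]:
    """Last DNS label of host; None for IP literals and single-label names."""
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        pass
    return host.rsplit(".", 1)[1] if "." in host else None

def is_risky(target: str) -> bool:
    host = host_of(target)
    return bool(host) and tld_of(host) in RISKY_TLDS

def blocked(targets):
    return [t for t in targets if is_risky(t)]

# Constructed sample destinations, as they might appear in a proxy log.
SAMPLE = [
    "http://cdn.example.science/player.js",       # risky TLD
    "https://example.com/careers/apply.work",     # ".work" is only in the path
    "https://country.example.org/",               # "country" is not the TLD
    "HTTPS://Video.Example.KIM./watch?v=1",       # mixed case, trailing root dot
    "example.gq:8080",                            # bare host with port
    "http://example.com@login.example.country/",  # real host follows the "@"
    "http://192.0.2.10/index.work",               # IP literal has no TLD
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(("BLOCK " if is_risky(t) else "allow ") + t)
```
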
“Due to the explosion of TLDs in recent years, we have seen a staggering number of almost entirely shady web neighborhoods crop up at an alarming rate,” said Hugh Thompson, CTO for Blue Coat Systems. “The increase in shady TLDs as revealed by Blue Coat’s analysis is in turn providing increased opportunity for the bad guys to partake in malicious activity. In order to build a better security posture, knowledge about which sites are the most suspicious, and how to avoid them, is essential for consumers and businesses alike.”