The web is “getting trickier for users to navigate safely. That is the most important thing for people to understand overall”, said Dave Marcus, director of security research at McAfee, in an interview with Infosecurity.
A disturbing 31% of websites with .com addresses were judged to be risky, making it the most dangerous top level domain (TLD), according to the fourth annual report. This was followed by .info with 30.7% of its websites judged to be risky, .vn (Vietnam) with 29.4%, .cm (Cameroon) with 22.2%, and .am (Armenia) with 12.1%.
Among the safest TLDs are .travel with .02% risk, .edu with .05%, .jp (Japan) with .08%, .cat (Catalan) with .09%, and .gg (Guernsey) with .1%, according to the survey. The safest TLD in 2009, governmental (.gov), was relegated to 23rd safest this year.
Marcus provided a number of reasons why .com is riskier than some of the other TLDs. “First, it’s one of the oldest top level domains; it’s been around a lot longer; it’s more trafficked; there has been more website development; there are more businesses that operate on the .com domain; and regular users tend to surf the .com domain more than any other. The bad guys go where the good guys are.”
In terms of country domains, Vietnam (.vn) is the riskiest domain, followed by Cameroon (.cm), Armenia (.am), Cocos (.cc), and Russia (.ru). The safest country domains are Japan (.jp), followed by Catalan (.cat), Guernsey (.gg), Croatia (.hr), and Ireland (.ie).
“A newcomer like Armenia turns out to be one of the worst offenders. That goes to show you that the bad guys are very clever, very quick to pick up on who is new and find ways to abuse those domains,” Marcus said. At the same time, China has improved in terms of making its websites less risky. “They actually made some improvements and dropped down a little bit”, he noted.
Regionally, Europe, the Middle East, and Africa (EMEA) has most of the risky domains; 7 of the top 20 riskiest domains were located there. The Asia-Pacific region was second, with 6 of the top 20. “EMEA has the dubious distinction of geographically having more malicious domains in it than any other part of the world. People need to know this and make good choices. Go to the domains in the less risky areas of the world or at least use the right technologies that can tell you which website is good and which one is bad.”
EMEA was ranked among the least risky regions in 2009. “What that tells us is that there have been a lot of new entrants in that part of the world and the bad guys have been very quick to jump on some of these newer domains and take advantage of them. This is very common in terms of criminal techniques. The bad guys see a new top level domain and they start buying up a lot of the domains within that top level domain. They’ll use them to send spam links; they’ll use them to send instant messenger links; they’ll host malicious code on websites”, he said.
The study only compiled results for TLDs with at least 2000 live sites. Two low-volume TLDs would have made the study’s top five if all TLDs had been included: Senegal (.sn) with 33% of its websites qualifying as risky, and British Indian Ocean Territory (.io) with 11.5%.
Marcus offered some suggestions for web users to stay safe. “The number one thing they need to do is utilize safe browsing technology…. Reading reports like this is very important because it is a simple way of understanding and it is actionable information…. Keeping their security software up to date and running scans on a daily basis is the last thing they want to do. If they do these three things, they’ll be safe.”