McAfee Names The Most Dangerous Domains

The top five domains ranked in terms of the prevalence of dangerous downloads are .info; .ro; .ws; .biz; and .cn.

Thomas Claburn, Editor at Large, Enterprise Mobility

June 4, 2008


Web sites registered in top-level domains tied to Hong Kong (.hk), China (.cn), and the Philippines (.ph) are the most likely to pose a security threat to visitors, according to a study released on Wednesday by McAfee.

McAfee's "Mapping the Mal Web Revisited" distills data from 9.9 million Web sites in 265 top-level Internet domains -- generic ones and national ones. From that information, a list of 74 domains containing at least 2,000 sites was compiled and rated for risk based on the prevalence of malware.

The report finds that 19.2% of all .hk Web sites present a security threat to Internet users. For .cn Web sites, 11% pose a security threat. For .ph Web sites, 7.7% pose a danger. For the .ph domain, that was a 270% increase in overall risk from 2007, substantially higher than other domains.

The fact that a top-level Internet domain has a particular geographic association does not mean that the Web server at that Web address, or the persons responsible for the server, are located in that region.

Last year, domains associated with the South Pacific island Tokelau (.tk) ranked as the riskiest Internet real estate.

Jeff Green, SVP of product development and McAfee Avert Labs, said in a statement that last year's report prompted the domain administrator for .tk, a Dutch company, to re-examine its policies. This year, .tk is notably safer, ranking 28 out of 74.

The policy re-examined was the decision to offer unlimited free anonymous registration of .tk domains, according to McAfee's report.

Among generic top-level domains, .info is the riskiest, with 11.73% of sites flagged by McAfee. For the .com domain, that number is 5.26%. The safest generic domain is .gov (0.05%).

The overall prevalence of exploit code on Web sites -- one factor of several used to calculate overall risk -- remains relatively low at 0.07%. Thus, in 10,000 Web site visits, seven sites on average would expose the visitor to a potential computer infection. Whether or not the visitor's computer became infected would depend on the virulence of the malware and on the security software, settings, and characteristics of the machine in question.

Web sites in certain domains, however, carry a far higher risk than average. For example, McAfee found malware on 1.1% of all Web sites in the .ro (Romania) domain, a percentage 15 times higher than average.

The top five domains ranked in terms of the prevalence of dangerous downloads are .info (21.95%), .ro (14.18%), .ws (12.5%), .biz (11.64%), and .cn (10.75%).

"Vast parts of the Web are quite safe to visit, but many neighborhoods -- big ones and small ones -- put every visitor at risk of an online mugging," McAfee's report concludes. "Whether that attack comes in the relatively mild form of a pop-up trap or something extremely serious like an unwitting experience with a keystroke logger, the Web is dangerous."

To mitigate that danger, McAfee, which sells security software, humbly suggests investing in "an up-to-date security suite."

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.
