McAfee maps world’s riskiest Web domains

In the world of online search, just as in real estate, the mantra for safe bets is “location, location, location”, according to security experts from McAfee Inc., who recently mapped out the world’s riskiest domain names.

Vietnam, which registers online companies under the domain .vn, ranked as the number one riskiest country according to the fourth annual Mapping the Mal Web report released by Santa Clara, Calif.-based security software firm McAfee.

The ten top-level domains (TLDs) with the greatest percentage of risky registrations were:

  1. .com (commercial): 31.3 per cent
  2. .info (information): 30.7 per cent
  3. .vn (Vietnam): 29.4 per cent
  4. .cm (Cameroon): 22.2 per cent
  5. .am (Armenia): 12.1 per cent
  6. .cc (Cocos Island): 10.5 per cent
  7. .asia (Asia-Pacific): 10.3 per cent
  8. .net (Network): 10.1 per cent
  9. .ru (Russia): 10.1 per cent
  10. .ws (Western Samoa): 8.6 per cent

In case you were wondering: the United States (.us) ranked 12th with a 6.0 per cent weighted risk ratio, and Canada (.ca) ranked 41st with a 0.9 per cent weighted risk ratio.


The three least risky TLDs were: Japan (.jp), ranked 104th with a risk ratio of 0.1 per cent; Education (.edu), 105th, 0.1 per cent; and the travel and tourism industry (.travel), ranked 106th, with a risk ratio of 0.0 per cent.


This doesn’t mean that Vietnam itself is a breeding ground for spammers and phishers, however, according to Jim Galpin, manager, Canadian consumer sales, with McAfee Inc. “The report is saying that a lot of sites registered with the .vn domain name could lead Internet users to spamming, phishing or malware sites.”

Galpin explained to ITBusiness.ca that “risk mapping” is important because the practice helps businesses determine which TLDs they should be wary of in order to protect their networks and customers.

Many SMBs (small and medium sized businesses) do not have the robust security tools employed by enterprise organizations to help them mitigate online threats, he said.


The letter code at the end of a Web site address tells Internet users where the site is registered, Galpin explained. However, while it’s likely that everyone recognizes the .com and .gov TLDs, it is harder to interpret TLDs such as .am or .cm.

Spammers profit from this ignorance of TLD suffixes, he said.

“Very often when browsing for product information, business opportunities or other data, surfers focus on headings and domain names, but tend to pay little attention to country codes so they are unaware that they could be straying into risky territories,” Galpin said.

Links clicked on or forwarded by clients, partners or employees could be carrying malware or spam, or lead to botnet sites.

Lax domain registry rules

Galpin said domain registry popularity, low price of registration and lax domain registry rules conspire to raise a TLD’s risk factor.

For instance, .com enjoys the heaviest online traffic among TLDs.

“Majority of organizations register under the .com TLD by default and people tend to do more online searches using .com. Spammers and phishers favour the TLD because they are always after the low-hanging fruit,” said Galpin.

However, loose domain registry requirements and spotty monitoring also tend to lure cyber crooks to a TLD.

The .vn TLD was number 39 on McAfee’s list in 2009 but shot up to rank third this year.

“We believe spammers were attracted to the TLD because of the relatively low cost of registering in Vietnam and the lack of stringent measures in determining the legitimacy of registrants,” said Galpin.

In contrast, the TLD .sg (Singapore) was 10th last year but moved down to 81st on the list in 2010 largely due to beefed up registration measures.

“A .sg domain name applicant is required to show appropriate documentation when it seeks to register a domain name under various categories of .sg names,” said Lim Choon Sai, general manager, Singapore Network Information Centre Pte Ltd. (SGNIC).

For instance, he said, a “.com.sg” registrant needs to provide proof that it is a commercial entity registered with the Accounting Regulation Authority of Singapore or any professional body, while an “.edu.sg” registrant has to be registered with the country’s Ministry of Education.

The SGNIC official also said the centre immediately investigates instances of negative feedback concerning registrants.

As Internet content can be hosted anywhere even after domain names are registered in Singapore, SGNIC also works with the international Internet community to monitor and prevent potential abuse of .sg domain names.

Persistent monitoring has helped Japanese authorities keep the .jp domain squeaky clean, according to Yumi Ohashi, international and government relations manager for Japan Registry Services Co. Ltd. (JPRS).

JPRS works with various related organizations to examine the degree of malevolence of the allegedly abused domain name. “If it is confirmed the name is abused, JPRS requests the JP registrant to invalidate the name,” he said.

How businesses can reduce the risk

Galpin of McAfee said SMB operators can reduce their risk exposure by becoming more aware of TLD suffixes before clicking on a link. “Inform employees to be mindful about the TLDs they click on. Make sure they are aware of country codes that have high risk values.”

Some spammers rely on typos to lure victims to their sites. For instance, many victims of malware- and spam-carrying sites with .cm TLDs could well be people who inadvertently omitted the “o” when they meant to type “.com,” said Galpin.

To reduce the risk of falling into bogus sites, Galpin advised that surfers type the “full Web address on their search engine search bars rather than just doing a Google search.”

Galpin also said SMBs can take advantage of free online tools such as McAfee’s SiteAdvisor. The tool is a free browser plug-in that provides Website safety ratings and a small site rating icon to a user’s search results to help them decide whether or not a site is safe. The tool has a browser button and optional search box that provides users with safer alternative sites.

Nestor Arellano is a Senior Writer at ITBusiness.ca.