Feeds

McAfee maps malware risk domains

Neighbourhood watch

SANS - Survey on application security programs

A global road map of the riskiest and safest places to surf online found Russian and Romanian sites among the top-level domains most commonly hosting malicious downloads, browser exploits, and scams.

A survey of 265 top-level domains by McAfee, dubbed Mapping the Mal Web, revealed large differences in safety from one domain to another. The worst haven for malware belonged to the the tiny Pacific island of Tokelau (.tk), where 10.1 per cent of websites contained dodgy content. The most risky large country domains were Romania (.ro, 5.6 per cent risky sites) and Russia (.ru, 4.5 per cent risky sites). These East European country domains were the most likely to host exploit or "drive-by-download" sites run by hackers.

By contrast, three of the safest top level domains were associated with Nordic countries, namely Finland (.fi, 0.10 per cent), Norway (.no, 0.16 per cent) and Sweden (.se, 0.21 per cent). Iceland (.is, 0.19 per cent) and Ireland (.ie, 0.11 per cent) rounded out McAfee's list of safe surfing habitats.

Even though the Netherlands (.nl), Germany (.de) and the United Kingdom (.uk) are all relatively safe country domains, each of their country domains account for more than 2 million clicks to high or medium-risk sites every month.

The data from McAfee's survey comes from SiteAdvisor, a free "safe searching" tool that catalogues and warns users about unsafe sites. The technology automatically tests websites for a broad range of potential security problems such as exploits, downloads containing spyware, adware, and or other unwanted programs and pop-ups. This data is used to warn surfers if they stray onto a potentially dangerous website.

The survey - which aims to provide a guide book of the net's most dangerous top level domains - also looked at generic top level domains. It found that .info is the riskiest generic domain, with 7.5 per cent of its sites rated as risky followed by .com, with a 5.5 per cent population of dodgy sites.

Some web activities, like registering at a site or downloading a file, are significantly more risky when done at certain domains. For example, giving an email address to a random .info domain results in a 73.2 per cent chance of receiving spam, McAfee reports.

By contrast, .gov was the tested domain for which SiteAdvisor has found no risky sites, though since the domains is only available to US government agencies that's just as it ought to be.

Data from the study suggests that low or no cost domain registration, coupled with minimal domain oversight, lead to the higher levels of risk found at some top-level domains. For example, one reason the .biz domain may be preferred by spammers is because .biz domains are available for immediate use, rather than after a typical 24 hour waiting period - a distinct advantage in attempts to outwit anti-spam services and blacklists.

The complete study, along with an interactive map, can be found here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.