Feeds

Cameroon leapfrogs Hong Kong in malware hosting blocklist

One in three .cm domains booby-trapped, warns McAfee

Secure remote control for conventional and virtual desktops

Cameroon (.cm) web domains supplanted those in Hong Kong as most likely to harbour malware, with more than one in three (36.7 per cent) of domains registered in the West African country hosting viruses or malicious code.

The .cm used by Cameroon is a common typo for .com, a factor that security firm McAfee speculates may explain why cybercriminals have set up fake typo-squatting sites that lead to malicious downloads or spyware under the country's domain.

Meanwhile Hong Kong (.hk) websites have successfully managed to purge themselves of malware threats – droppings from the most risky domain last year, to a mid-table (34th) position next year. This year only 1.1 per cent of .hk sites pose a risk, compared to one in five .hk Web sites setting off warning bells in McAfee's equivalent report last year. McAfee credits "aggressive measures" from .hk’s domain managers in clamping down on dodgy registrations for the drop.

Hong Kong's newly-minted net sainthood contrasts with the position in the People’s Republic of China (.cn), which appears in second spot in McAfee's list of shame.

"This report underscores how quickly cybercriminals change tactics to lure in the most victims and avoid being caught," said Mike Gallagher, chief technology officer for McAfee Labs. "Last year, Hong Kong was the riskiest domain and this year it is dramatically safer.

"Cybercriminals target regions where registering sites is cheap and convenient, and pose the least risk of being caught."

McAfee's third annual Mapping the Mal Web report names Irish (.ie) sites as the safest in EMEA, with only Japanese (.jp) sites ranking lower in risk globally. British websites hold a relatively safe berth, appearing in 55th place on McAfee's list of shame.

Websites ending in ".com" came out as the second most risky domains in 2009, moving up from the ninth spot last year. By contrast, government (.gov) domains were the safest non-country domain.

McAfee analysed 27 million websites and 104 top-level domains using its SiteAdvisor and TrustedSource technology in compiling its report. SiteAdvisor tests websites for browser exploits, phishing, excessive pop-ups and malicious downloads, while TrustedSource offers a reputation system that tracks web traffic patterns, site behaviour, hosted content and more, to gauge site security risks.

The security firm reckons 5.8 per cent (or more than 1.5 million web sites) pose a security risk of one kind or another. ®

The top five riskiest country domains online for 2009, according to McAfee

  1. Cameroon (.cm)
  2. PR of China (.cn)
  3. Samoa (.ws)
  4. Phillipines (.ph)
  5. Former Soviet Union (.su)

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.