14 DAY TRIAL // Security giant McAfee has released its annual “Mapping the Mal Web” report, in which it analyzes the percentage of domains found to host malicious content and organizes the results by TLD and type of threats. The riskiest TLD this year was .cm, Cameroon's country code, with over one in three domains posing some form of threat.
For this report (PDF), McAfee used data gathered by its SiteAdvisor and TrustedSource technologies for over 27 million domain names. The results revealed that 5.8% of all scanned domains were risky in one way or another, which is a 1.7% increase over last year's score. However, the McAfee researchers note that changes in their methodology might be responsible for a part of this variation in figures.
The riskiest top-level domain (TLD) this year is .cm (Cameroon), with a risk score of 36.7%, actually surpassing .com, the most popular and common domain name, at 32.2%. The third TLD on McAfee's risk scale is .cn (People's Republic of China) with a score of 23.4%. The .ws (Samoa) and .info (Information) complete the top five with a risk level of 17.8% and 15.8%, respectively.
In contrast, the least risky domains are .gov (Governmental), .edu (Educational), .jp (Japan), .ie (Ireland) and .hr (Croatia). “When cybercriminals choose where to register their malicious websites, they check for low prices, easy registration, a lack of regulation, or a 'no questions asked' policy. In a strange way, they’re not much different from you and me — cybercriminals look for the 'best deals' too,” the analysts reveal.
Another explanation for the increase in use of .cm domains for cybercriminal purposes is its resemblance to .com. When quickly checking out a longer URL, users might not notice the difference between paypal.com and paypal.cm, for example.
As for specific types of Web threats, the percentage of domains used in spam has decreased significantly - 2.8% compared to 7.6% last year. The .info TLD established itself as the leader in this category, with 17% of such domains bearing a spam risk.
Meanwhile, the number of domains hosting websites that offer malicious downloads has only registered a slight 0.2% variation since the last report and now represents 4.5% of the total. The country-code top-level domain for Romania (.ro) was the most abused in this category, with 21.0% of download serving websites under this TLD pushing some type of malware.
In previous years, this McAfee report pushed some TLD maintainers to take action. Such was the case of .tk (the island of Tokelau), which, in 2007, had a risk rating of 10.1%. Due to aggressive changes in policy, by 2008, the .tk registrar decreased its rating to only 1.43%. Hong Kong's TLD, which was the riskiest in 2008 with a score of 32.2%, dropped in this year's report to the 34th position, with a new rating of 1.1%.