14 DAY TRIAL // According to a report from German antivirus vendor Avira, the number of country code top-level domains (ccTLDs) used to distribute malware has increased significantly during October.
The biggest deviation was registered for .ru with a 73.92% increase compared to September. Despite this, .com remains the most abused TLD and accounts for 38.01% of all malware hosting domains.
It is followed by .ru at 9.22%, .net at 7.17%, .info at 6.18% and .org at 5.17%. It's also noteworthy that .ru is the only ccTLD in the top five.
Other significant malware distribution variations for country domain spaces were registered for .pl (+78.23%), .it (+35.68%), .br (+30.28%), .de (+28.77%) and .kr (+19.00).
"This is the second month we are seeing this increase in the usage of non standard domains," commented Sorin Mustaca, data security expert at Avira.
"This means that there are many more websites hacked and used to distribute malware than before," the security researcher explained.
On the spam front the overall levels dropped significantly last month. The pharma spam category was most affected, most likely due to the shutdown of Spamit.com, the world's largest rogue pharmacy affiliate program.
As far as malicious URL extensions are concerned, .exe remains the most common one with 27.46% of the total. Meanwhile, .html and .htm have registered significant increases of +77.66% and +76.61% respectively.
PayPal continues to remain the most phished brand, despite the number of attacks targeting it dropping by 90.66% in October.
Ebay phishing also registered a -162.99% decline, but Facebook continued to rise (+64.66%). This reflects cybercriminals' interest in compromised social networking accounts.
Bit.ly is the most abused URL shortening service for malware distribution, being used in 33.33% of all attacks. However, it too has registered a -115.15% decline.
On the other hand, TinyURL.com remains the preferred service for phishing attacks, where it accounts for 22.95% of those using shortened URLs.