McAfee names dodgiest domains

[nsane.forums]

Cameroon's .cm domain tops the list of shame

More than five per cent of the sites on the web could cause security risks, with Cameroon's .cm domain the most dangerous, according to the third annual State of the Mal Web report from security giant McAfee, released today.

The firm scanned 27 million web sites and 104 top level domains (TLDs) using its SiteAdvisor and TrustedSource technology and judged that 5.8 per cent pose a security risk "“ that is more than 1.5 million risky web sites.

While not exhaustive, the report is a good snapshot of the state of malware on the web. Last year's most risky domain, Hong Kong's .hk, dropped to 34th spot following a clamp down on dubious registrations, while the world's most popular, .com, jumped from ninth to second most dangerous.

"This report underscores how quickly cyber criminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer," said Mike Gallagher, chief technology officer for McAfee Labs.

"Cyber criminals target regions where registering sites is cheap and convenient, and poses the least risk of being caught."

Cameroon's .cm domain has long been popular with domain name scammers, or typosquatters, who register sites with the intention of getting traffic from unsuspecting users who mistype '.com'.

These sites are either monetised with online ads or infected with malware and other potentially unwanted programs, said McAfee.

Over a third of .cm's were found to pose a security risk.

View: Original Article

[DKT27]

McAfee uncovers riskiest domains

Red means danger. And orange offers plenty of risk, too. (Click for a larger view of the map.)

You may want to think twice if you hit a site with a .cm extension. That belongs to Cameroon, pegged by McAfee as the world's riskiest domain.

McAfee's third annual "Mapping the Mal Web" report, released Wednesday, looks at riskiest and safest domains across the globe. The small nation on the west coast of Africa reached the top spot this year with 36.7 percent of its sites posing a security risk. Because .cm is often a typo for .com, McAfee said, cybercrooks like to use that domain to set up typo-squatted sites to hit you with malware.

The generic and widely used .com domain itself isn't much safer, according to McAfee, jumping from ninth last year to second this year in riskiness, with 32.2 percent of its sites potentially hazardous to your PC's health.

Romania (.ro) is tagged as the riskiest domain for malicious downloads, with 21 percent of its sites delivering payloads of viruses, spyware, and adware. The information (.info) domain is seen by McAfee as the most "spammy," with 17.2 percent of its sites generating junk mail.

On the positive side, the government (.gov) is the safest generic domain with essentially 0 percent risk, while Japan (.jp) proved the safest country domain with a rating of only 0.1 percent. Last year's riskiest domain, Hong Kong (.hk) dropped to 34th place with a risk rating of only 1.1 percent, which McAfee attributed to the country's aggressive steps to stop scam-related domain registrations.

"This report underscores how quickly cybercriminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer," Mike Gallagher, chief technology officer for McAfee Labs, said in a statement. "Cybercriminals target regions where registering sites is cheap and convenient, and pose the least risk of being caught."

Overall, looking at 27 million Web sites and 104 top-level domains, McAfee found that 1.5 million sites, or 5.8 percent, were risky. That's up from 4.1 percent from the past two years, although the comparison is not direct since McAfee said it changed its rating methodology since then.

McAfee noted that cybercriminals who create domains to scam people prefer registrars with cheap prices, volume discounts, and hefty refund policies. Crooks also like registrars with a "no questions asked" policy and that act slowly or not at all when informed of malicious domains.

Source - CNET