Published June 04, 2008
SAN JOSE, Calif. – When surfing the Internet for safe Web sites, not all domains are equal.
Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc.
McAfee found the most dangerous domains to navigate to are ".hk" (Hong Kong), ".cn" (China) and ".info" (information).
Of all ".hk" sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of ".cn" sites and 11.7 percent of ".info" sites that way.
A little more than 5 percent of the sites under the ".com" domain — the world's most popular — were identified as dangerous.
More spammers, malicious code writers and other cybercriminals can establish an online presence when domain-name-registry businesses cut requirements for registering a site in order to boost their profit and profile.
The report doesn't identify domain name registration companies McAfee believes are responsible for those lapses.
Hundreds, perhaps thousands, of companies are in the business of registering domain names; some are large and well known, while others are small and less reputable, offering their services on the cheap and with flimsy or no background checks to lure in more customers.
The fact that Internet scam artists gravitate to domain-name services with lower fees and fewer requirements isn't new.
What McAfee's "Mapping the Mal Web" report, now in its second year, tries to do is identify the domains that are populated with the highest concentration of risky sites.
The servers for ".hk" and ".cn" Web sites don't have to be in China; Web site operators can register sites from anywhere to target different geographies.
Other risky domains include ".ro" (Romania), with 6.8 percent, and ".ru" (Russia), with 6 percent of sites flagged as dangerous.
Shane Keats, research analyst for McAfee and lead author of the report, said the increase in dangerous sites registered under the ".hk" and ".cn" domains over last year's report was caused in part by better data collection on McAfee's part on those domains and by apparent security lapses in some registrar companies' processes for registering addresses.
"My advice about surfing behavior is that if you're really desperate for cheap Prozac and the pharmacy ends in '.cn,' don't do it. Just don't do it," Keats said. "Find another place to get your Prozac."
Many Internet frauds involve fake sites for pharmaceuticals.
The McAfee report is based on results from 9.9 million Web sites that were tested in 265 domains for serving malicious code, excessive pop-up ads or forms to fill out that actually are tools for harvesting e-mail addresses for sending spam.
Keats said domain name registrars that are strict about authenticating that Web site owners are operating a legitimate business see far fewer malicious Web sites using their services.
Where McAfee found some of the least-risky domain names:
• ".gov" (government use), with 0.05 percent flagged;
• ".jp" (Japan), with 0.1 percent flagged and
• ".au" (Australia), with 0.3 percent flagged.