One-Third of all .COM Sites Are a Risk

McAfee, one of the leading manufacturers of anti-virus and security software, recently released a report titled “Mapping the Mal Web” that analyzes the relative risk of top-level domains (TLDs).  The TLD for Cameroon, .CM, ranked at the top of the world’s riskiest TLDs.  Alarmingly, .COM took second place on McAfee’s overall list.  According to the report, 32.2% of all .COM Web sites contain browser exploits like drive-by downloads of spyware, adware or malicious content; lead to phishing scams; or bombard users with excessive pop-ups.  Since .COM is the most popular TLD, 32.2% amounts to a total of 918,873 risky domains.

In addition to overall risk, McAfee ranked TLDs by specific threat.  Romania’s TLD, .RO, had the highest portion of malicious downloads, while .INFO was ranked worst for spam, with 17.2% of its sites generating junk email.  On the other end of the scale, the governmental TLD .GOV is the safest generic TLD, while Japan’s .JP is the safest ccTLD.

The popularity of .COM makes it an ideal target for bad actors because so many Internet users intuitively type in .COM at the end of domain names.  Since .CM is such a common typo of .COM, it is not surprising that it is the top choice among cybercriminals.  (We’ve written about threats posed by .CM before.)  According to the BBC, Hong Kong’s .HK ccTLD topped last year’s list of riskiest domains, but since has taken measures to become safer.  Specifically, the Hong Kong Internet Registration Corporation Ltd, which supervises domain registration for .hk Web sites, said that asking for proof of identity was one tactic that has led to a decline in suspicious applications.