Companies that assign addresses for websites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released later on Wednesday by antivirus software vendor McAfee.
McAfee found the most dangerous domains to navigate to were “.hk” (Hong Kong), “.cn” (China) and “.info” (information).
Of all “.hk” sites McAfee tested, it flagged 19.2 per cent as dangerous or potentially dangerous to visitors; it flagged 11.8 per cent of “.cn” sites and 11.7 per cent of “.info” sites that way.
A little more than 5 per cent of the sites under the “.com” domain — the world's most popular — were identified as dangerous.
More spammers, malicious code writers and other cyber-criminals can establish an online presence when domain name registry businesses cut requirements for registering a site in order to boost their profit and profile. The report does not identify domain name registration companies McAfee believes are responsible for those lapses.
Hundreds, perhaps thousands, of companies are in the business of registering domain names; some are large and well known, while others are small and less reputable, offering their services on the cheap and with flimsy or no background checks to lure in more customers.
The fact that internet scam artists gravitate to domain name services with lower fees and fewer requirements is not new.
What McAfee's “Mapping the Mal Web” report, now in its second year, tries to do is identify the domains that are populated with the highest concentration of risky sites.
The servers for “.hk” and “.cn” Web sites do not have to be in China; Web site operators can register sites from anywhere to target different geographies.
Other risky domains include “.ro” (Romania), with 6.8 per cent, and “.ru” (Russia), with 6 per cent of sites flagged as dangerous.
Shane Keats, research analyst for McAfee and lead author of the report, said the increase in dangerous sites registered under the “.hk” and “.cn” domains over last year's report was caused in part by better data collection on McAfee's part on those domains and by apparent security lapses in some registrar companies' processes for registering addresses.
“My advice about surfing behaviour is that if you're really desperate for cheap Prozac and the pharmacy ends in ‘.cn,' don't do it. Just don't do it,” Mr Keats said. “Find another place to get your Prozac.”
Many internet frauds involve fake sites for pharmaceuticals.
The McAfee report is based on results from 9.9 million websites that were tested in 265 domains for serving malicious code, excessive pop-up ads or forms to fill out that actually are tools for harvesting e-mail addresses for sending spam.
Mr Keats said domain name registrars that were strict about authenticating that website owners were operating a legitimate business saw far fewer malicious websites using their services.
Where McAfee found some of the least-risky domain names:
- “.gov” (government use), with 0.05 per cent flagged;
- “.jp” (Japan), with 0.1 per cent flagged and
- “.au” (Australia), with 0.3 per cent flagged.
No comments:
Post a Comment