Riskiest web domains to surf and search

Africa’s Cameroon (.cm) has overthrown Hong Kong (.hk) as the Web’s riskiest domain, according to McAfee’s third annual Mapping the Mal Web report.

December 7, 2009

Africa’s Cameroon (.cm) has overthrown Hong Kong (.hk) as the Web’s riskiest domain, according to McAfee’s third annual Mapping the Mal Web report.

At the opposite end, Japan (.jp) is the safest country domain, landing in the top five safest domains for the second year in a row. The most heavily trafficked Web domain in the world, commercial (.com), jumped from the ninth to second most dangerous domain, while government (.gov) is the safest non-country domain.

“This report underscores how quickly cybercriminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer,” says Jayson O’Reilly, regional manager for Africa at McAfee. “Cybercriminals target regions where registering sites is cheap and convenient and pose the least risk of being caught.”

Cameroon, a small African country that borders Nigeria, jumped to the number one spot this year with 36.7 percent of the .cm domain posing a security risk, but did not even make the list last year.

Because the domain .cm is a common typo for .com, many cybercriminals set up fake typo-squatting sites that lead to malicious downloads, spyware, adware and other potentially unwanted programs.

Following aggressive measures from .hk’s domain managers to clamp down on scam-related registrations last year, Hong Kong fell 33 spots from the most risky domain in 2008 to the 34th most risky domain in 2009.

Now only 1.1 percent of .hk sites pose a risk, whereas last year nearly one in five .hk Web sites were risky.

Among country domains, the People’s Republic of China (.cn) and Samoa (.ws) remained in the top five most dangerous places in the last two years.

Country Web Domains (ranked in most risky order):

1. Cameroon (.cm): 2009 – 36.7%, 2008 – n/a

2. PR of China (.cn): 2009 – 23.4%, 2008 – 11.8%

3. Samoa (.ws): 2009 – 17.8%, 2008 – 3.8%

4. Phillipines (.ph): 2009 – 13.1%, 2008 – 7.7%

5. Former Soviet Union (.su): 2009 – 5.2%, 2008 – n/a
Country Web Domains (ranked in least risky order):

1. Japan (.jp): 2009 – 0.1%, 2008 – 0.1%

2. Ireland (.ie): 2009 – 0.1%, 2008 – 0.3%

3. Croatia (.hr): 2009 – 0.1%, 2008 – 0.5%

4. Luxemborg (.lu): 2009 – 0.1%, 2008 – n/a

5. Vanuatu (.vu): 2009 – 0.2%, 2008 – 0.9%
Additional findings from the 2009 Mapping the Mal Web report include:

•     Of the 27 million Web sites and 104 top-level domains McAfee rated for this report, 5.8 percent pose a security risk – that is more than 1.5 million risky Web sites.

•     Sites registered to the Asia-Pacific Web domains are significantly riskier than the overall Web with 13 percent of sites posing a threat. This region includes the second riskiest domain with the People’s Republic of China (.cn), and also, ironically, the safest Web domain with Japan (.jp).

•     Ireland (.ie) is Europe’s safest Web domain with only .1 percent risky sites.

Using McAfee SiteAdvisor technology and data from McAfee TrustedSource technology, McAfee analysed more than 27 million country and generic Web domains and calculated a weighted risk ratio.

McAfee SiteAdvisor tests Web sites for browser exploits, phishing, excessive pop-ups and malicious downloads and gives sites that fail a rating. McAfee TrustedSource technology is a comprehensive Internet reputation system that analyses Web traffic patterns, site behaviour, hosted content, and more, to provide insight into site security risk.

“It’s not always easy for computer users to identify what’s safe and what’s not,” says O’Reilly. “Reports like this and tools like McAfee SiteAdvisor, which is incorporated into all of McAfee’s consumer security suites, can be the compass people need to navigate the Web.”