Mapping The Mal Web, Revisited
By Shane Keats, McAfee® Security Analyst
There are few places as sprawling and diverse as the web, and until recently we had no guide on how to safely navigate it. However, with the advent of McAfee SiteAdvisor® a few years ago, McAfee became the first and only company to warn consumers about risky sites before they click.
Each day, SiteAdvisor scans many thousands of web sites across each and every one of the Web’s 265 Top Level Domains (TLD), rating them for safety in terms of exploits, malicious code, phishing practices and other nefarious web behavior. Last year, with this valuable information in hand, we set out to map the “mal web,” revealing which domains were the riskiest to surf and which were relatively safe. And now, we’ve done it again with “Mapping The Mal Web, Revisited,” our 2008 guide to surfing the web.
There were some notable changes from last year—such as .hk’s (Hong Kong) jump to the riskiest country TLD—but there was also a great deal of continuity. For instance, although some of the danger shifted, overall risk remained constant from 2007, at 4.1 percent of web sites in 74 ranked domains.
This mix of continuity and change no doubt reflects the ongoing battle between honest web citizens and cybercrooks fighting over virtual terrain. Luckily, “Mapping The Mal Web, Revisited” gives us up-to-date information on navigating both safe and disputed territories. Here’s an overview of what we found in 2008:
As previously mentioned, .hk was rated the riskiest country TLD, beating out last year’s most dangerous country destination: the TLD .tk, which represents the tiny island nation of Tokelau. SiteAdvisor showed that 19.2 percent of all .hk sites we scanned rated a yellow or red warning.
China’s TLD, .cn, came in as the second most risky country TLD, with 11.8 percent of sites generating a yellow or red rating. This was a significant jump from last year, when just 3.7 percent of China’s sites were rated dangerous.
In the Americas, the United States’ .us domain was the riskiest, with 2.1 percent of sites earning a yellow or red rating. Still, this number was relatively low when compared to other regions.
In all of Europe, the Middle East and Africa (EMEA), Romania’s .ro domain was the riskiest, with 6.8 percent of sites raising flags, followed by Russia (.ru), where 6 percent of sites were risky. These countries ranked the same in their region as last year.
Of generic TLDs, .info remains the riskiest, with 11.8 percent of sites earning warnings. In comparison, .com is the fourth riskiest generic TLD, but the ninth riskiest domain overall, with 5.3 percent of its sites flagged.
Sites containing exploit code are still very rare, at 0.07 percent. However, these sites are considered very risky since they can disable a computer.
We also tested for email practices. We found that email registration is slightly more risky than last year, with 7.6 percent of sites generating high-volume spam, compared to 7 percent last year.
The malicious web is an ever-changing landscape and certainly a fascinating one. It is shaped by economy and opportunity. Places where it is cheap and easy to register a domain inevitably attract bad guys. Registrars that allow for bulk registrations of hundreds of domains at a time while requiring little or no information about the person registering them are probably prime targets for scammers. One of our hopes for this study is that it spurs registrars with risky domains to contact safer players on our list to share best practices.
In the final analysis, it’s up to consumers to keep themselves safe. But with so much changing so quickly, it’s difficult to know whether last year’s “good” neighborhood is still safe. With “Mapping the Mal Web, Revisited,” at least you now have a guide to help you navigate. And the SiteAdvisor tool makes sure your information is always up-to-date.