June 2008   
 
 

TECHNICAL INSIGHT: MAPPING THE MAL WEB


2008 Cyber Neighborhood Crime Statistics

By Craig Schmugar,
Threat Researcher, McAfee® Avert® Labs

The Internet can be likened to one big, diverse, urban neighborhood with some safe areas and some areas where you may find yourself at the mercy of gangs, muggers, and other miscreants. While all of us love to visit and explore such places because we appreciate the richness and diversity, we’re a bit wary about venturing out in potentially perilous territory. To have a safer experience, it’s a good idea to understand the lay of the land and know what to expect. McAfee once again assumes the role of the trusted neighborhood tour guide with the recent release of research findings documented in the 2008 version of Mapping the Mal Web, Revisited.

This year’s assessment, culled from the McAfee SiteAdvisor® database, is better than ever in terms of breadth (more domains tested), depth (more pages tested), accuracy, and detection of spyware and other malicious threats. This year, we reviewed 9.9 million web sites and 74 top level domains all over the world and vetted them for known types of malware. For the first time, we’re making real-time information on phishing and spamming domains available in this report. This data has always been measured in SiteAdvisor but has never been published in a study until now. As a result of being able to amass this new, more in-depth data, we’ve seen an increase in the risk ratings of various domains: China (.cn), Hong Kong (.hk), Network (.net), Organization (.org), Information (.info), Philippines (.ph), Switzerland (.ch), and Spain (.es). For an overview of the riskiest top level domains worldwide, see Shane Keats’ article in this issue of McAfee Security Insights.

Let’s take a look at some of the specific risks associated with top level domains and at changes in risk levels from 2007 to 2008.

Testing Methodology
Domain ratings were based on the results from the following test activities:

  • Sites were analyzed for phishing scams, popups of all types, drive-by downloads, spyware, and other exploits
  • Software downloads were checked for malicious code by installing them to determine whether they harbored viruses, adware, spyware, or other potentially unwanted programs
  • Test email addresses were registered on web sites, and the quantity and source of spam content sent to those addresses was subsequently tracked
  • Feedback was also gathered from web surfers, site owners, SiteAdvisor researchers, and SiteAdvisor automated testing
  • Sites that failed one or more of the aforementioned tests were assigned a “red” rating. “Yellow” ratings were given to sites that we felt should be approached with caution.

    Malicious Downloads
    Overall, the chance of downloading malware or potentially unwanted programs increased by a dramatic 41.5 percent during the past 12 months. The generic top level domain, .info, continues to pose the greatest risk, with a 100 percent increase in malicious downloads. To the average web surfer, this means that if they were to explore 10,000 random web sites, downloading software from each, they would have a one in five chance of acquiring malware from a .info site, and a one in seven chance from a .ro (Romanian) site.

    Some domains actually showed improvement in this area in 2008. For example, sites originating in Venezuela (.ve) improved by an impressive 90 percent.

    Email Risk
    In addition to embedding malware into downloadable software, another technique commonly used by cybercriminals is getting unsuspecting victims to register on their sites and then flooding their inboxes with spam. We identified an 8.4 percent increase this year in the number of sites that generated high-volume commercial email. Registering an email address at a Chinese site (.cn) is dramatically more risky this year than last: test registrations that received spam from these sites more than doubled, from 17.2 percent in 2007 to 39.7 percent in 2008. Registering with the most generic of all domains, .info, presented fewer risks this year than last (it went down from 73.2 percent in 2007 to 58.3 percent in 2008), but this domain still topped the list as the riskiest in this category.

    Exploits or Drive-bys
    This is one area that did not change much from 2007 to 2008. Only one-tenth of one percent of all sites in this study contained exploits or drive-by downloads. But it should be noted that just one foray into such a site can be extremely dangerous, as this kind of malware can severely impact the usability of your computer, or worse, result in identity theft.

    Conclusion
    Though the risks of Internet surfing may be greater today than they were a year ago, continual enhancements in McAfee SiteAdvisor crawling techniques and malware detection technologies empower visitors with more accurate, in-depth knowledge. Common sense is one part of the web safety equation. Another is using appropriate computer security technology and availing yourself of protection in the form of Internet safety tools, like McAfee SiteAdvisor, that can help you steer clear of suspicious and potentially dangerous sites.

     

     

     
