Thursday, June 5, 2008

Beware of '.hk', '.cn' domains!

When surfing the Internet for safe websites, not all domains are equal.

Companies that assign addresses for websites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report by antivirus software vendor McAfee.

McAfee found the most dangerous domains to navigate to are ".hk" (Hong Kong), ".cn" (China) and ".info" (information). Of all ".hk" sites McAfee tested, it flagged 19.2% as dangerous or potentially dangerous to visitors; it flagged 11.8% of ".cn" sites and 11.7% of ".info" sites that way.

A little more than 5% of the sites under the ".com" domain—the world's most popular—were identified as dangerous. More spammers, malicious code writers and other cyber criminals can establish an online presence when domain name registry businesses cut requirements for registering a site in order to boost their profit and profile.

The report does not identify domain name registration companies McAfee believes are responsible for those lapses. Hundreds, perhaps thousands, of companies are in the business of registering domain names; some are large and well-known, while others are small and less reputable, offering their services on the cheap and with flimsy or no background checks to lure in more customers.

The fact that Internet scam artists gravitate to domain name services with lower fees and fewer requirements isn't new.

What McAfee's "Mapping the Mal Web" report, now in its second year, tries to do is identify the domains that are populated with the highest concentration of risky sites. The servers for ".hk" and ".cn" websites don't have to be in China; website operators can register sites from anywhere to target different geographies. Other risky domains include ".ro" (Romania), with 6.8%, and ".ru" (Russia), with 6% of sites flagged as dangerous.

Shane Keats, research analyst for McAfee and lead author of the report, said the increase in dangerous sites registered under the ".hk" and ".cn" domains over last year's report was caused in part by better data collection on McAfee's part on those domains and by apparent security lapses in some registrar companies' processes for registering addresses.

"My advice about surfing behaviour is that if you're really desperate for cheap Prozac and the pharmacy ends in '.cn', don't do it. Just don't do it," Keats said. "Find another place to get your Prozac."

Many Internet frauds involve fake sites for pharmaceuticals.

The McAfee report is based on results from 9.9 million websites that were tested in 265 domains for serving malicious code, excessive pop-up ads or forms to fill out that actually are tools for harvesting e-mail addresses for sending spam.

Keats said domain name registrars that are strict about authenticating that website owners are operating a legitimate business see far fewer malicious websites using their services.

Where McAfee found some of the least-risky domain names: ".gov" (government use), with 0.05% flagged; ".jp" (Japan), with 0.1% flagged and ".au" (Australia), with 0.3% flagged.

No comments: