The Web's 10 most dangerous neighborhoods

Ten top-level domains are to blame for at least 95% of the websites that pose a potential threat to visitors

Credit: Image credit: flickr/David Sanchez

Wouldn't it be convenient if all the spam and malware sites were all grouped together under one top-level domain -- .evil, say -- so that they would be easy to avoid? According to a new study from Blue Coat, there are in fact ten such top-level domains, where 95% or more of sites pose a potential threat to visitors.

The worst offenders were the .zip and the .review top-level domains, with 100% of all sites rated as "shady," according to the report.

The report is based on an analysis of tens of millions of websites visited by Blue Coat's 75 million global users. In order to protect its customers, Blue Coat has a database where it ranks websites on whether they have legitimate content, or malware, spam, scams, phishing attacks or other suspicious behaviors.

"I don't think I've ever personally found a legitimate .review site," said Chris Larsen, malware research team leader at Sunnyvale, Calif.-based Blue Coat Systems, Inc.

Four more top-level domains had 99% malicious sites -- .country, .kim, .cricket and .science.

Larsen recommends that companies block all traffic to the worst-rated domains.

Another way that scammers take advantage of some of the new top-level domains is through cyber-squatting.

Several large US companies have been hit by extortionists registering, for example, .sex versions of their domains and offering them back to their targeted companies at an inflated price.

"The bad guys could use these in very misleading ways," he said.

However, neither Congress, nor the FTC, nor ICANN nor IANA took any measures to address this.

"It was hot-potatoed back and forth," Larsen said.

The reason some top-level domains are so much worse than others is that not all registrars do a good job at filtering out spammers and scammers.

"They gravitate to places where they can get free or very cheap domains, no questions asked," he said.

The domain registrars themselves need to put better controls in place to make it more difficult for malicious users to set up domains.

But there isn't much pressure on them to do so, Larsen added.

"No one is minding the store, as far as we can tell," he said.

Since Blue Coat started publishing reports on individual top-level domains at the beginning of the year, and so far only one -- .xyz -- has taken steps to start cleaning things up.

"We have agreed to start sharing some data back and forth with them, and I'm hopeful that will reduce the number of bad .xyz domains that show up," he said.

The number of TLDs has exploded recently -- between 1985 and 2012, the number of TLDs grew slowly, from five to 22. Today, according to ICANN, there are 1,054 top-level domains. And ICANN -- the Internet Corporation for Assigned Names and Numbers -- plans to allow more such domains in the future.

The top one, .com, accounts for 43% of all websites, and the next 13 top level-domains account for another 38%. The other 1,040 top-level domains see less than 1 percent of site registrations each -- adding up to 19% of all remaining domains.

Of the top ten most dangerous top-level domains, the one with the most website registrations, according to ICANN, is .science, a new top-level domain with 324,833 registrations.

The reason it's so popular? Back in March, according to Blue Coat, the registrar was giving away domains for free. As a result, of the top 200 most trafficked .science sites, 96 percent were shady, mostly spam. Since then, the percent shady has risen to 99 percent.

That might change -- has stopped giving away free domains and is now charging $16 each.

Other domain registrars have kept things clean right from the start.

The top-rated .mil top-level domain, for example, has very few shady sites -- just 0.24% of all domains in the Blue Coat database.

"They're paying attention to what's in their neighborhood, and they do some checking," he said.

The other nine least-shady top-level domains are .jobs, .ck (Cook Islands), .church, .gov, .gi (Gibraltor), .tel, .kw (Kuwait), .london and .jp (Japan).

Chart: Top 10 most evil top level domains:

1: .zip, 100% evil, <1,000 domains

2: .review, 100% evil, 45,304 domains

3: .country, 99.97% evil, 5,442 domains

4: .kim, 99.74% evil, 8,913 domains

5: .cricket, 99.57% evil, 27,723 domains

6: .science, 99.35% evil, 324,833 domains

7: .work, 98.20% evil, 68,144 domains

8: .party, 98.07% evil, 206,914 domains

9: .gq (Equatorial Guinea), 97.68% evil, 69,437 domains

10: .link, 96.98% evil, 150,595 domains

Source: Blue Coat, ICANN

This story, "The Web's 10 most dangerous neighborhoods" was originally published by CSO.

Why is Apple letting Macs rot on the tree?
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies