The Internet’s Most Malicious Domains

A comprehensive new study from independent security firm Blue Coat revealed ten top-level domains in which a staggering 95% of the websites pose a multitude of threats to their visitors.

California-based security firm Blue Coat set out to analyze tens of millions of websites routinely visited by “Blue Coat’s 75 million global users.” The resulting report draws on a database in which Blue Coat rates websites by their legitimate content or, alternatively, by the malware, spam, phishing attacks and other malicious programs hosted on them.

The worst offenders among top-level domains were ‘.zip’ and ‘.review’: a frankly bemusing 100% of all websites under the two domains were deemed “shady” in the report.

“I don’t think I’ve ever personally found a legitimate .review site,” said Chris Larsen, leader of the malware research team at Blue Coat Systems, Inc., speaking to CSOonline.

Top-Level Domains as Malware Distributors

Staggeringly, four other top-level domains each had 99% of their websites deemed ‘malicious’: ‘.country’, ‘.kim’, ‘.cricket’ and ‘.science’.

The internet’s most dangerous top-level domains are:

  1. .zip, 100 percent evil, <1,000 domains
  2. .review, 100 percent evil, 45,304 domains
  3. .country, 99.97 percent evil, 5,442 domains
  4. .kim, 99.74 percent evil, 8,913 domains
  5. .cricket, 99.57 percent evil, 27,723 domains
  6. .science, 99.35 percent evil, 324,833 domains
  7. .work, 98.20 percent evil, 68,144 domains
  8. .party, 98.07 percent evil, 206,914 domains
  9. .gq (Equatorial Guinea), 97.68 percent evil, 69,437 domains
  10. .link, 96.98 percent evil, 150,595 domains

Source: Blue Coat

In order to avoid such malware-infested websites, Larsen recommends companies block all traffic to these toxic domains.
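One way to act on that recommendation at a web proxy, as an added example that is not part of the original article or of Blue Coat's own tooling: classify each requested URL by its top-level domain against the ten TLDs listed above. The proxy-log lines are constructed, and the rule deliberately looks only at the final DNS label, so a hostname that merely contains one of these strings as a subdomain is not caught.

```python
from urllib.parse import urlsplit

# The ten TLDs from the Blue Coat list quoted above; the list is the only
# page-derived data here, the checker itself is an added illustration.
SHADY_TLDS = frozenset({
    "zip", "review", "country", "kim", "cricket",
    "science", "work", "party", "gq", "link",
})


def hostname_of(target: str) -> str:
    """Normalise a URL or bare hostname to a lowercase hostname without
    port, credentials or trailing dot, so spelling variants such as
    'Evil.ZIP.' or 'evil.zip:8080' cannot slip past the TLD check."""
    if "://" not in target:
        target = "//" + target          # make urlsplit treat it as a netloc
    host = urlsplit(target).hostname or ""
    return host.rstrip(".").lower()


def tld_of(hostname: str) -> str:
    """Return the rightmost DNS label, i.e. the top-level domain."""
    return hostname.rsplit(".", 1)[-1] if hostname else ""


def is_shady_tld(target: str) -> bool:
    """True when the target's top-level domain is on the block list.

    Only the final label counts: 'science.example.com' is a .com host and
    is not blocked, even though 'science' appears in the name.
    """
    return tld_of(hostname_of(target)) in SHADY_TLDS


def filter_log(lines):
    """Split constructed proxy-log lines of the form '<client> <url>' into
    (blocked, allowed) lists of URLs according to the TLD rule."""
    blocked, allowed = [], []
    for line in lines:
        _, url = line.split(maxsplit=1)
        (blocked if is_shady_tld(url) else allowed).append(url)
    return blocked, allowed
```

A TLD-wide block is coarse: the report itself rates a small fraction of sites under these TLDs as legitimate, so an explicit allowlist of known-good hosts should be checked before this rule.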

Cyber-squatting is another way in which scammers and malicious operators take advantage of newer top-level domains.

“The bad guys could use these in very misleading ways,” he noted.

Large U.S. companies have frequently been targeted by extortionists who, for instance, claim the ‘.sex’ versions of their domain names before offering them to the companies at a high price, effectively as blackmail.

It’s important to note that neither the FTC, ICANN, IANA nor even Congress is taking any measures to address this very real concern.

Larsen points out that any mandate to look into the matter “was hot-potatoed (sic) back and forth.”

Domain registrars are also to blame for not doing a good job of filtering out spammers and scammers when it comes to top-level domains.

“They gravitate to places where they can get free or very cheap domains; no questions asked,” Larsen said.

The reality is that domain registrars are under no pressure for better controls to be put in place.

Between 1985 and 2012, the number of top-level domains (TLDs) grew slowly, from 5 to 22 in total. Recent aggressive growth has brought the number to 1,054 TLDs as things stand today, according to ICANN. The Internet Corporation for Assigned Names and Numbers (ICANN) intends to allow more TLDs in the near future.

The most popular TLD is, of course, ‘.com’, which accounts for 43 percent of all websites on the internet. The next 13 TLDs after ‘.com’ add up to another 38 percent of all websites.

Of the ten most dangerous TLDs, ICANN made it clear that ‘.science’ has the largest number of website registrations, with a total of 324,833. The reason behind the surge in registrations is simple. According to Blue Coat, the registrar was giving away ‘.science’ domains for free this March. Before the giveaway, 96 percent of the top 200 .science websites by traffic were shady. Since the giveaway, the percentage of shady websites on the domain has gone up to 99 percent.

The hijacking of .science domains by scammers has, however, gone down considerably of late, ever since the registrar ceased the free giveaway and began charging $16 for each domain.

In contrast, the best-rated TLD is ‘.mil’, with only 0.24 percent of its domains rated as shady websites, because it has been proactively kept clean from the start.

“They’re paying attention to what’s in their neighborhood, and they do some checking,” adds Larsen.

The top 10 clean or ‘least-shady’ TLDs are:

  1. .mil
  2. .jobs
  3. .ck (Cook Islands)
  4. .church
  5. .gov
  6. .gi (Gibraltar)
  7. .tel
  8. .kw (Kuwait)
  9. .london, and
  10. .jp (Japan)

Source: Blue Coat