McAfee: Beware the .hk domain, among others
McAfee released a study late on Tuesday that indicates the domains that tend to be the most dangerous or malware-prone on the Web, and at the top of the list is the Hong Kong (.hk) domain.
The McAfee Mal Web report, which serves as a safety guidebook to risky online neighborhoods, reveals that 19.2 percent of all Web sites ending with the .hk domain pose a security threat to Web users, followed by China (.cn), the Philippines (.ph), Romania (.ro) and Russia (.ru).
By contrast, the safest domains on the Web are Finland (.fi), Japan (.jp), Norway (.no), Slovenia (.si), and Colombia (.co).
In general, the chance of downloading spyware, adware, viruses, or other undesirable software from surfing the Web increased 41.5 percent over 2007, the report found.
To arrive at these conclusions, McAfee researchers used the company's SiteAdvisor tool, which crawls the Web and clicks "yes" to test everything from downloadable software, screensavers, and peer-to-peer file-sharing clients to photo upload utilities, and e-mail and newsletter sign-ups.
The tool then monitors what happens to the test computer after it engages with the sites, looking particularly for risky things like malicious downloads, exploits, viruses, and spyware. Each site is then rated based on the behavior, with buttons on the browser colored green, yellow, or red for computers that have the tool downloaded.
Even if the greatest percentage of dangerous sites use the .hk domain, that doesn't mean they are all based in Hong Kong or that more malware distributors are located there, said Shane Keats, a research analyst for McAfee. Many sites, particularly the malicious software sites, choose the most affordable domain registrars in countries with the least regulation, so usually they are not located in that country, he said.
"They are looking for top-level domains with the least regulation, that are the easiest to maneuver and the cheapest to register," Keats said.
While registrars in China charge as little as 15 cents for a registration and others are free, sites with domains in Japan and Australia are found to be safer partly because those countries require proof that a company is incorporated to use their top-level domains, he said.
In addition, English speakers shouldn't feel safer just because many of the more risky domains are in foreign countries, because many of those sites are still presented in English, according to Keats. For instance, nine times out of 10, sites with the Romanian domain will be in English, he said.
The damage from risky sites runs from the "apocalyptic to the annoying," according to Keats.
"It can be as minimal as a pop-up track, and I can't exit out or it opens a new pop-up window and I have to reboot, (to) other sites where you just touch the site and you have downloaded software that turns the machine into a bot in a bot army that sends spam," he said.
A Web surfer has a 1-in-20 chance of "hosing" the computer if a file is downloaded at random from the Internet, while the odds increase to 1 in 10 if the file comes from an Italy (.it) domain and 1 in 7 if it comes from a Romania domain, he said.
As for online porn, those sites aren't considered any more risky than other types of sites on the Web in general, despite the common belief that they are, he said.
Because they have viable business models, porn sites don't need to use malicious software to make money. However, "when they are bad, they are really, really bad, and among the worst of the spammers and exploits," Keats said.
Top 20 top-level domains ranked by percentage of sites with red and yellow download ratings.
(Credit: McAfee)
"...other sites where you just touch the site and you have downloaded software that turns the machine into a bot in a bot army that sends spam..."
Can happen. Assuming you've got a properly patched system then you've got to OK an ActiveX control's install. This is irresponsible journalism -- people should be WARY on the 'Net, but not frightened to surf at all.