The Web's ten most dangerous neighborhoods

Ten top-level domains are to blame for at least 95 percent of the websites that pose a potential threat to visitors

Credit: Image credit: flickr/David Sanchez

Wouldn't it be convenient if all the spam and malware sites were all grouped together under one top-level domain -- .evil, say -- so that they would be easy to avoid? According to a new study from Blue Coat, there are in fact ten such top-level domains, where 95 percent or more of sites pose a potential threat to visitors.

The worst offenders were the .zip and the .review top-level domains, with 100 percent of all sites rated as "shady," according to the report.

The report is based on an analysis of tens of millions of websites visited by Blue Coat's 75 million global users. In order to protect its customers, Blue Coat has a database where it ranks websites on whether they have legitimate content, or malware, spam, scams, phishing attacks or other suspicious behaviors.

"I don't think I've ever personally found a legitimate .review site," said Chris Larsen, malware research team leader at Sunnyvale, Calif.-based Blue Coat Systems, Inc.

Four more top-level domains had 99 percent malicious sites -- .country, .kim, .cricket, and .science.

Larsen recommends that companies block all traffic to the worst-rated domains.

Another way that scammers take advantage of some of the new top-level domains is through cyber-squatting.

Several large US companies have been hit by extortionists registering, for example, .sex versions of their domains and offering them back to their targeted companies at an inflated price.

"The bad guys could use these in very misleading ways," he said.

However, neither Congress, nor the FTC, nor ICANN nor IANA took any measures to address this.

"It was hot-potatoed back and forth," Larsen said.

The reason some top-level domains are so much worse than others is that not all registrars do a good job at filtering out spammers and scammers.

"They gravitate to places where they can get free or very cheap domains, no questions asked," he said.

The domain registrars themselves need to put better controls in place to make it more difficult for malicious users to set up domains.

But there isn't much pressure on them to do so, Larsen added.

"No one is minding the store, as far as we can tell," he said.

Since Blue Coat started publishing reports on individual top-level domains at the beginning of the year, and so far only one -- .xyz -- has taken steps to start cleaning things up.

"We have agreed to start sharing some data back and forth with them, and I'm hopeful that will reduce the number of bad .xyz domains that show up," he said.

The number of TLDs has exploded recently -- between 1985 and 2012, the number of TLDs grew slowly, from five to 22. Today, according to ICANN, there are 1,054 top-level domains. And ICANN -- the Internet Corporation for Assigned Names and Numbers -- plans to allow more such domains in the future.

The top one, .com, accounts for 43 percent of all websites, and the next 13 top level-domains account for another 38 percent. The other 1,040 top-level domains see less than 1 percent of site registrations each -- adding up to 19 percent of all remaining domains.

Of the top ten most dangerous top-level domains, the one with the most website registrations, according to ICANN, is .science, a new top-level domain with 324,833 registrations.

The reason it's so popular? Back in March, according to Blue Coat, the registrar was giving away domains for free. As a result, of the top 200 most trafficked .science sites, 96 percent were shady, mostly spam. Since then, the percent shady has risen to 99 percent.

That might change -- has stopped giving away free domains and is now charging $16 each.

Other domain registrars have kept things clean right from the start.

The top-rated .mil top-level domain, for example, has very few shady sites -- just 0.24 percent of all domains in the Blue Coat database.

"They're paying attention to what's in their neighborhood, and they do some checking," he said.

The other nine least-shady top-level domains are .jobs, .ck (Cook Islands), .church, .gov, .gi (Gibraltor), .tel, .kw (Kuwait), .london and .jp (Japan).

Chart: Top 10 most evil top level domains:

1: .zip, 100 percent evil, <1,000 domains

2: .review, 100 percent evil, 45,304 domains

3: .country, 99.97 percent evil, 5,442 domains

4: .kim, 99.74 percent evil, 8,913 domains

5: .cricket, 99.57 percent evil, 27,723 domains

6: .science, 99.35 percent evil, 324,833 domains

7: .work, 98.20 percent evil, 68,144 domains

8: .party, 98.07 percent evil, 206,914 domains

9: .gq (Equatorial Guinea), 97.68 percent evil, 69,437 domains

10: .link, 96.98 percent evil, 150,595 domains

Source: Blue Coat, ICANN

This story, "The Web's ten most dangerous neighborhoods" was originally published by CSO.