The Web's ten most dangerous neighborhoods

Ten top-level domains are to blame for at least 95 percent of the websites that pose a potential threat to visitors

Wouldn't it be convenient if all the spam and malware sites were all grouped together under one top-level domain -- .evil, say -- so that they would be easy to avoid? According to a new study from Blue Coat, there are in fact ten such top-level domains, where 95 percent or more of sites pose a potential threat to visitors.

The worst offenders were the .zip and the .review top-level domains, with 100 percent of all sites rated as "shady," according to the report.

The report is based on an analysis of tens of millions of websites visited by Blue Coat's 75 million global users. In order to protect its customers, Blue Coat has a database where it ranks websites on whether they have legitimate content, or malware, spam, scams, phishing attacks or other suspicious behaviors.

"I don't think I've ever personally found a legitimate .review site," said Chris Larsen, malware research team leader at Sunnyvale, Calif.-based Blue Coat Systems, Inc.

Four more top-level domains had 99 percent malicious sites -- .country, .kim, .cricket, and .science.

Larsen recommends that companies block all traffic to the worst-rated domains.

Another way that scammers take advantage of some of the new top-level domains is through cyber-squatting.

Several large US companies have been hit by extortionists registering, for example, .sex versions of their domains and offering them back to their targeted companies at an inflated price.

"The bad guys could use these in very misleading ways," he said.

However, neither Congress, nor the FTC, nor ICAAN nor IANA took any measures to address this.

"It was hot-potatoed back and forth," Larsen said.

The reason some top-level domains are so much worse than others is that not all registrars do a good job at filtering out spammers and scammers.

"They gravitate to places where they can get free or very cheap domains, no questions asked," he said.

The domain registrars themselves need to put better controls in place to make it more difficult for malicious users to set up domains.

But there isn't much pressure on them to do so, Larsen added.

"No one is minding the store, as far as we can tell," he said.

Since Blue Coat started publishing reports on individual top-level domains at the beginning of the year, and so far only one -- .xyz -- has taken steps to start cleaning things up.

"We have agreed to start sharing some data back and forth with them, and I'm hopeful that will reduce the number of bad .xyz domains that show up," he said.

The number of TLDs has exploded recently -- between 1985 and 2012, the number of TLDs grew slowly, from five to 22. Today, according to ICAAN, there are 1,054 top-level domains. And ICAAN -- the Internet Corporation for Assigned Names and Numbers -- plans to allow more such domains in the future.

The top one, .com, accounts for 43 percent of all websites, and the next 13 top level-domains account for another 38 percent. The other 1,040 top-level domains see less than 1 percent of site registrations each -- adding up to 19 percent of all remaining domains.

Of the top ten most dangerous top-level domains, the one with the most website registrations, according to ICAAN, is .science, a new top-level domain with 324,833 registrations.

The reason it's so popular? Back in March, according to Blue Coat, the registrar was giving away domains for free. As a result, of the top 200 most trafficked .science sites, 96 percent were shady, mostly spam. Since then, the percent shady has risen to 99 percent.

That might change -- register.science has stopped giving away free domains and is now charging $16 each.

Other domain registrars have kept things clean right from the start.

The top-rated .mil top-level domain, for example, has very few shady sites -- just 0.24 percent of all domains in the Blue Coat database.

"They're paying attention to what's in their neighborhood, and they do some checking," he said.

The other nine least-shady top-level domains are .jobs, .ck (Cook Islands), .church, .gov, .gi (Gibraltor), .tel, .kw (Kuwait), .london and .jp (Japan).

Chart: Top 10 most evil top level domains:

1: .zip, 100 percent evil, <1,000 domains

2: .review, 100 percent evil, 45,304 domains

3: .country, 99.97 percent evil, 5,442 domains

4: .kim, 99.74 percent evil, 8,913 domains

5: .cricket, 99.57 percent evil, 27,723 domains

6: .science, 99.35 percent evil, 324,833 domains

7: .work, 98.20 percent evil, 68,144 domains

8: .party, 98.07 percent evil, 206,914 domains

9: .gq (Equatorial Guinea), 97.68 percent evil, 69,437 domains

10: .link, 96.98 percent evil, 150,595 domains

Source: Blue Coat, ICAAN

Join the CSO newsletter!

Error: Please check your email address.

More about Blue Coat SystemsFTCIANAInc.Internet Corporation for Assigned Names and Numbers

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Maria Korolov

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place