Beware the .hk domain - Navtej Kohli
McAfee: Beware the .hk domain, among others.
Complete report on Navtej Kohli Blog
McAfee is set to release a study late on Tuesday that indicates the
domains that tend to be the most dangerous or malware-prone on the Web,
and at the top of the list is the Hong Kong (.hk) domain.
The McAfee Mal Web report, which serves as a safety guidebook to risky
online neighborhoods, reveals that 19.2 percent of all Web sites ending
with the .hk domain pose a security threat to Web users, followed by
China (.cn), the Philippines (.ph), Romania (.ro) and Russia (.ru).
By contrast, the safest domains on the Web are Finland (.fi), Japan (.jp), Norway (.no), Slovenia (.si), and Colombia (.co).
In general, the chance of downloading spyware, adware, viruses, or
other undesirable software from surfing the Web increased 41.5 percent
over 2007, the report found.
To arrive at these conclusions, McAfee researchers used the company's
SiteAdvisor tool, which crawls the Web and clicks "yes" to test
everything from downloadable software, screensavers, and peer-to-peer
file-sharing clients to photo upload utilities, and e-mail and
newsletter sign-ups.
The tool then monitors what happens to the test computer after it
engages with the sites, looking particularly for risky things like
malicious downloads, exploits, viruses, and spyware. Each site is then
rated based on the behavior, with buttons on the browser colored green,
yellow, or red for computers that have the tool downloaded.
Even if the greatest percentage of dangerous sites use the .hk domain,
that doesn't mean they are all based in Hong Kong or that more malware
distributors are located there, said Shane Keats, a research analyst
for McAfee. Many sites, particularly the malicious software sites,
choose the most affordable domain registrars in countries with the
least regulation, so usually they are not located in that country, he
said.
While registrars in China charge as little as 15 cents for a
registration and others are free, sites with domains in Japan and
Australia are found to be safer partly because those countries require
proof that a company is incorporated to use their top-level domains, he
said.
In addition, English speakers shouldn't feel safer just because many of
the more risky domains are in foreign countries, because many of those
sites are still presented in English, according to Keats. For instance,
nine times out of 10, sites with the Romanian domain will be in
English, he said.
The damage from risky sites runs from the "apocalyptic to the annoying," according to Keats.
"It can be as minimal as a pop-up track, and I can't exit out or it
opens a new pop-up window and I have to reboot, (to) other sites where
you just touch the site and you have downloaded software that turns the
machine into a bot in a bot army that sends spam," he said.
A Web surfer has a 1-in-20 chance of "hosing" the computer if a file is
downloaded at random from the Internet, while the odds increase to 1 in
10 if the file comes from an Italy (.it) domain and 1 in 7 if it comes
from a Romania domain, he said.
As for online porn, those sites aren't considered any more risky than
other types of sites on the Web in general, despite the common belief
that they are, he said.
Because they have viable business models, porn sites don't need to use
malicious software to make money. However, "when they are bad, they are
really, really bad, and among the worst of the spammers and exploits,"
Keats said.
