McAfee Maps Malware: Are the Domains the Problem?

McAfee released an update to its world-wide look at malware today. I know the first thing you want to know is what the most dangerous TLDs are so …

  • .CM (Cameroon) with a weighted risk of 36.7%
  • .COM (Commercial) with a weighted risk of 32.2%
  • .CN (People’s Republic of China) with a weighted risk of 23.4%
  • .WS (Samoa) with a weighted risk of 17.8%
  • .INFO (Information) with a weighted risk of 15.8%

I’m not surprised at .info or .com being right up there; both are easily available, with few checks and balances on who can register domains. The others, well, that’s a little more interesting, isn’t it? Is the great land rush of money that can come from a nice, short domain making country TLD controllers turn a blind eye to the bad guys? Maybe. One bright light in the malworld is Hong Kong, which was tops last year and now is #34. Why and how? Better and tighter controls on who can register a domain:

“Additional checks are performed to identify applications of ‘.HK’ domain names likely to be used for fraudulent purposes. We request applicants to provide identity proof for suspicious applications. Due to security concerns, we cannot disclose the specifics of the changes in handling applications for new ‘.HK’ domain names.

Also, we have to emphasize that this is a concerted effort of multiple parties. It is not just the registry alone. We have received valuable help from the local CERT, police and the local telecommunication service regulator.”

The bottom five TLDs have some of the tightest controls on registrations:

  • Governmental (.GOV)
  • Japan (.JP)
  • Educational (.EDU)
  • Ireland (.IE)
  • Croatia (.HR)

So are tighter controls on registrations the answer? Sure, partially, though I can’t expect that NameCheap or GoDaddy will want to put people through all kinds of checks for .com and .info registrations. What I think is the next line of defense is the hosts themselves. For a domain to become a site, it needs a host. While I know there will always be bottom-feeding hosts, the more hosts that are proactive about cleaning house and giving the boot to the bad guys, the better off we’ll all be. As for those of us who get hacked and have nasties embedded into our sites, again I think hosts have a responsibility to help clean things up and lock down their own servers.

Oh and Canada? We’re at #64. Not bad.

If you’re interested, the full report in PDF is available from McAfee.