A Tour of Risky Web Sites

June 4, 2008 – 10:22 AM

Just over 4% of all Web sites are dangerous, according to a new report. But all bad sites aren’t created equal: Cyber bad guys are more likely to build their sites where it’s easy to do so.

The report out today from McAfee, a tech-security company that’s trying to position itself as the Internet’s guardian angel, ranks so-called domains — the letters at the end of an Internet address like .com, .org, or .uk – by the percentage of risky sites they contain. Web sites are considered risky if they have files that, if downloaded, could give a hacker control of a visitor’s computer, or if filling out a form on the site resulted in a bombardment of spam emails.

McAfee found that 5% of addresses that ended in .com are risky, which is about average. The real risk comes from Web sites within more obscure domains, like .info, where 12% of the sites are risky. Also, sites registered in different countries have different degrees of risk. Nineteen percent of sites that end in .hk, the domain for Hong Kong, are risky, according to the report. Among the reasons: In order to encourage people to register .hk sites, Hong Kong allowed people to sign up for multiple sites at a time without filling out multiple applications, offered a two-for-the-price-of-one sale on .hk sites, and promoted the .hk domain overseas.

The Pacific island Tokelau, which offers the .tk domain, once allowed people to sign up for Web sites anonymously, and for free. It was able to reduce the number of risky sites by 86% by changing its policies, McAfee found. McAfee also reports that countries such as Japan (.jp), and Australia (.au) that have restrictive policies for registering domain names also have fewer riskier sites.

One other piece of good news: Web sites that automatically install malicious software on a visitor’s computer account for just .07% of all sites. That means that most risky sites still require visitors to download a file or fill out a form.

Source: The Wall Street Journal

You must be logged in to post a comment.