Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Picks the Most Dangerous TLDs

Posted by CmdrTaco on from the all-fear-dot-vg dept.

CWRUisTakingMyMoney writes "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are .hk, .cn, and .info. Of all .hk sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of .cn sites and 11.7 percent of .info sites that way. A little more than 5 percent of the sites under the .com domain — the world's most popular — were identified as dangerous."

28 of 184 comments (clear)

  1. .cx by Junior+J.+Junior+III · · Score: 4, Funny

    Home of the goatse. Danger Will Robinson!

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  2. Re:Where can I get a list of these TLD to block ou by Brian+Gordon · · Score: 3, Interesting

    What the heck? The numbers are less than 20%.. would you block out 80% of a TLD?

  3. Which is more dangerous, then? by Hawthorne01 · · Score: 5, Insightful

    5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.

    Bad math = bad reporting.

    --
    "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
  4. Why the hell... by Jaysyn · · Score: 5, Funny

    ...would anyone want to take security advice from McAffe?

    --
    There is a war going on for your mind.
  5. not their problem by Brian+Gordon · · Score: 5, Insightful

    "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others"
    um since when is that the registrar's responsibility? they just point a domain name at an IP address-- that's the extent of the service.

    1. Re:not their problem by aredubya74 · · Score: 5, Insightful

      Exactly. I'd be much more interested in looking at the stats by assigned IP blocks. That way, network admins could blacklist those ranges at their edge, adding exceptions as needed. It's a tough game to play, but it would also give admins an idea as to what ISPs are leaving obvious botnets intact and which ones aren't.

      --

      RW

  6. Define "Dangerous" by corsec67 · · Score: 4, Interesting

    Is that dangerous to someone running IE on Windows, or dangerous to the person, like scams?

    It seems like they kind of mashed the 2 together, but that is McAfee, so I would expect them to exaggerate the dangers of browsing without McAfee.

    --
    If I have nothing to hide, don't search me
  7. sorry, but i just don't get it... by ketamine-bp · · Score: 5, Interesting

    i live in Hong Kong.

    here, if we are to register domain names, especially .com.hk, we need business registration to get it registered, same goes for .edu.hk, .org.hk etc.

    the possible exception would be .hk, but i think the HKNIC (i forgot the name..) does have reasonable abuse TOS that these bad things get cancelled... so i would be glad if they could provide us with the domain names they flagged 'dangerous' and let's see how it goes....

    1. Re:sorry, but i just don't get it... by gad_zuki! · · Score: 3, Interesting

      This issue may not be the number of shady TLD registrants, it may be the number of compromised hosts. If .hk has too many hackers or a culture of crime then they may prey on local resources and use those for international spamming/phishing. Or it may be a target for other reasons (lax computer crime laws, etc).

  8. Because there are no more good dot-coms. by Rob+T+Firefly · · Score: 4, Funny

    Not even the malware folks can get a decent domain in .com anymore, they're all in use or squatted upon.

    --
    Slashdot Burying Stories About Slashdot Media Owned
  9. Age of website? by QuietLagoon · · Score: 5, Insightful

    I'd bet if they would find an even better correlation if they looked at the age of the website's domain registration, not the domain it was registered under.

  10. Re:I wonder... by cryptodan · · Score: 5, Funny

    I wonder where .xxx would've come in if it had been created. It would be 69%.
  11. I used Site advisor once.. by Warll · · Score: 4, Informative

    The thing is far from foolproof. When I was bored one day I decided to start clicking on just about all the Google Adwords adverts I could find. Most of them were for those scam sites, you know the kind "click here to buy Firefox, Buy supsciption to Bittorent now!" Over half the sites were green according to Site Advisor. Really I'm sure that their numbers here at least give an idea as the how "dangrous" these TDLs are, put really they are liekly far off from the truth.

  12. Chinese domains by Anonymous Coward · · Score: 5, Funny

    The problem with .cn domains: 30 minutes after you surf there, you want to surf there again...

  13. 5%, I'm surprised by goombah99 · · Score: 3, Interesting

    5% seems absurdly high.

    I wonder how the 5% was chosen? I mean how does one actually sample this in a meaningful way. For example, suppose one enumerated every possible webpage and sampled those randomly. Or, given that that is impossible, suppose one enumerated every TLD and samlpled those.

    This still would not accord with user experience. User experience is you start from some place on the web and click outward following links. Usually the starting place is some aggregator like Google.

    Following that kind of trajectory is not the same as uniformly sampling TLDs or webapges, but is how users interact.

    I can say with certainty that 5% of the links I click are not "dangerous".

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:5%, I'm surprised by gnuman99 · · Score: 3, Funny

      The 5% number cames straight out of goatse.cx's ass

  14. Word Problem Alert by Colonel+Korn · · Score: 4, Insightful

    5% of .coms, or 19% of .hk's? On a percentage basis, the .hk, .info, etc. But as a whole, my money's on .com's?.

    Bad math = bad reporting. When solving a word problem, one must find the mathematical expression that best expresses the question. You've got the wrong one.

    You're making the argument that what really matters is the total number of malicious sites in each domain, not the fraction of sites within a domain that are malicious.

    Clearly, however, the fraction is the more important metric. Consider a silly analogy:

    There are 100 violent criminals in my local jail out of a total population of 200. There are 1000 violent criminals running free in Hawaii out of a total population of 1 million. When choosing a safer place for a vacation, by your logic, I'd pick my jail, since the total number of offenders is lower. 50% of my fellows would be violent criminals. By my logic, I'd pick Hawaii, where there would be more criminals, but they'd only make up 0.1% of the people around me. I prefer my odds.
    --
    "I zero-index my hamsters" - Willtor (147206)
    1. Re:Word Problem Alert by Mr.+Underbridge · · Score: 3, Informative

      He's right. If you pick a single site to interact with, the total number of sites that share that domain doesn't matter. His analogy is spot on.

      In effect, he defined Bayes' rule for you.

  15. Interesting bits by rock56501 · · Score: 5, Interesting
    I am willing to bet that there are a lot more .com site's registered than .cn or .info or whatnot, so the fact that 5% of the .com's are flagged is huge, seeing that most people think about going to .com's before anything else.

    One other interesting note is that .05% of .gov's are listed as dangerous. So is that like from when the www.nsa.gov website left that tracking cookie on your computer or is there a actual government website out there that is actually dangerous to visitors?

  16. But what about .nu? by mangu · · Score: 5, Interesting

    Home of the complete goatse collection. Enjoy yourselves!

    1. Re:But what about .nu? by Daimanta · · Score: 5, Funny

      My God, I though you were joking. And here I was, thinking that goatse was only 1 image.

      Thanks dude, that's 12 extra therapy sessions for me.

      --
      Knowledge is power. Knowledge shared is power lost.
    2. Re:But what about .nu? by Junior+J.+Junior+III · · Score: 4, Funny

      Home of the complete goatse collection. Enjoy yourselves! <darthvader>Nuuuuuuuuuuuuuu!</darthvader>
      --
      You see? You see? Your stupid minds! Stupid! Stupid!
    3. Re:But what about .nu? by css-hack · · Score: 5, Funny

      I don't know what's worse. The fact that I clicked, or the fact that it's already slashdotted.

  17. Only on Slashdot... by Anonymous Coward · · Score: 5, Funny

    ...would a link to the full set of Goatse pictures be moderated "Interesting"

  18. Re:Where can I get a list of these TLD to block ou by eln · · Score: 4, Funny

    I think it's cute how you still think any of the TLDs are still used for their originally intended purposes.

  19. Re:Where can I get a list of these TLD to block ou by zeromorph · · Score: 3, Funny

    Here is the list: cz info nl ru st up id net biz org

    Don't forget .ng (Nigeria). I don't think anything good ever comes from that domain.

    .no - Norway

    .sh - Saint Helena
    .it - Italy

    sherlock

    --
    "Hannibal's plans never work right. They just work." Amy/A-Team
  20. Re:Numbers in names by camperdave · · Score: 3, Interesting

    I think part of it is marketing research. They know which timeslot, and which show, a particular ad with a particular numbered website is going to appear. The number of hits that they gather off of a numbered website will tell them how effective that particular ad is. That way, they can tweak their marketing strategy: ie. buy more time on certain channels, or in certain time slots, or against certain types of shows.

    --
    When our name is on the back of your car, we're behind you all the way!
  21. Re:lies, damned lies, and mcafee by mattwarden · · Score: 4, Insightful

    Um, no. You are exactly wrong, in fact. It is true that there are a greater quantity of troublesome .ru sites in your example, but given a .ru domain and a .hk domain, the .hk domain is more likely to be troublesome. The fact that there are more .ru troublesome sites out there is only a result of there being more .ru sites out there. The only thing that affects is the likelihood that a given domain is a .ru domain.

    Consider this:
    Bag 1: 7 of 10 marbles are blue
    Bag 2: 35 of 100 marbles are blue

    There are more blue marbles in bag 2, but you are far more likely to pick a blue marble in the first bag.

    The point of the article is: how much of an indication is it that a .xy domain is dangerous?