Slashdot Mirror

← Back to Stories (view on slashdot.org)

Riskiest Web Domains To Visit

Posted by CmdrTaco on from the shocking-that-the-biggest-is-the-worst dept.

wiredmikey writes "According to a report released today, .COM is the riskiest top-level domain, the riskiest country domain is Vietnam (.VN). Japan's .JP ranks as the safest country domain for the second year in a row and TRAVEL as the safest overall domain. It's interesting to note that .JP (currently $89.99 at GoDaddy) and .TRAVEL ($89.99 at Moniker) domains are also some of the most expensive domains. Are cybercriminals getting cheap with other people's credit cards? Or do the higher price make it more risky?"

28 of 106 comments (clear)

  1. The higher prices... by The+MAZZTer · · Score: 3, Insightful

    ...obviously means scammers, hackers, etc can't buy as many of them, so they're going to go for the cheapies.

    1. Re:The higher prices... by Amouth · · Score: 2, Insightful

      sorry but go-daddy's 99cent registration is ensured to not be verified.. and anyone who believes they are or could do it has issues.

      yes they should be doing it by default - and they did when the net started - i remember paying 35$ a year and was voice verified and a letter. now days they don't give a shit because if they don't verify then there is nothing anyone can do.

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
  2. I'll just avoid all .com domains! by jez9999 · · Score: 3, Insightful

    This is quite possibly the most pointless report ever compiled.

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.
    1. Re:I'll just avoid all .com domains! by WrongSizeGlass · · Score: 2, Funny

      This is quite possibly the most pointless report ever compiled.

      Not according to travel.jp ;-)

    2. Re:I'll just avoid all .com domains! by RDW · · Score: 4, Funny

      'This is quite possibly the most pointless report ever compiled.'

      It doesn't even warn about the most dangerous TLD of all, ".pl", which is really just a trick to get the victim to execute a Perl script! URLs with this suffix usually map to a site with unintelligible placeholder text (looks like rot13 or something, e.g.: http://www.linux.pl/ ) but by the time you see this the script has already been run and the damage done!

  3. We need a new domain like .xxx by Anonymous Coward · · Score: 5, Funny

    We could call it .MALWARE or .INFECTED or .BADSTUFFINSTALLEDONYOURCOMPUTER. All the bad stuff would be relegated to this new domain.

    Please note that my idea is no less insightful than the referenced article which is very insightful.

    1. Re:We need a new domain like .xxx by PitaBred · · Score: 2, Funny

      All we have to do is check for the Evil Bit! Brilliant!

      --
      My blog. Good stuff (when I remember to update it). Read it.
  4. .cx is riskiest by Norsefire · · Score: 5, Funny

    Computers can be repaired, what has been seen cannot be unseen.

    1. Re:.cx is riskiest by tygerstripes · · Score: 5, Funny

      It's true, Christmas Island is gaping hole of malware.

      --
      Meta will eat itself
  5. Measurements? by Reilaos · · Score: 3, Interesting

    How do you measure risk?

    If a domain is 100% infected with software that cleans up your inbox for you more "risky" than one 50% infected with software that goes and registers you as a sex offender, steals your credit card numbers and posts your porn habits on the web?

  6. This Survey Will Soon Have No Meaning by damn_registrars · · Score: 2, Informative

    Since ICANN has already committed to start selling gTLDs to anyone with enough money.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  7. Even scamming is a business by sohmc · · Score: 3, Informative

    The best way to increase profit is by reducing cost.

    Buying a domain for $90 dollars is far more expensive than a domain for $5-10 bucks.

    Also, people are used to seeing ".com" addresses. .TRAVEL, et al are still relatively new.

    --
    We don't live in Shouldland.
    1. Re:Even scamming is a business by NYMeatball · · Score: 3, Insightful

      The best way to increase profit is by reducing cost.

      I know this is verging on off topic, but I have to disagree with this completely. This reminds me of the corporate tactics of today. Surely if we aren't spending money, we'll make tons of money!

      The only way this strategy ever works is when you are guaranteed to have maxed out on every single opportunity for growth, be it "vertical", "organic", "synergized" or otherwise. Cutting cost isn't always the best way to increase profit, its simply the easiest because it doesn't require any thought other than "get rid of that".

      Sorry. Off topic but I see this so often at my company that every time I see it elsewhere I rage.

  8. not unit price, but total by tverbeek · · Score: 3, Insightful

    It isn't the $89.99, but the $89.99 times 1000 junk domains.

    Plus different TLD operators have different policies: some actually police who can register, requiring that the perp put some effort into pretending to be eligible to use them. .COM obviously does not.

    There's also the factor that nobody has ever heard of .TRAVEL (so it looks bogus), but .COM is familiar and friendly-looking.

    --
    http://alternatives.rzero.com/
  9. Even more safe by Anonymous Coward · · Score: 5, Interesting

    My country domain (Bulgaria - bg) costs 130$ and only one company can sell is - register.bg. For many years we all have complained about this monopoly, there was many petitions and stuff (we won in some way - now there`re two resellers working for register.bg) but this way has some advantages for example:

    1. No one could register government like domains - president.bg and so on
    2. If you want to register company name. google.bg for example, you have to provide official registration papers for the company
    3. There isn`t even one single spam or other related issue with .bg domain, if someone try to use it for illegal purpuses register.bg will wipe the domain and file official complain to the police.
    4. Individuals cannot register .bg, they get to choose from yourname.[a-z].bg and you cannot register viagra.a.bg it got to be your real name(you can if your name is Viagra :D )

    It is in some way very restrictive and the bureaucracy is a big pain, but the country domain name is important and if someone is misusing it everyone blame the country.

  10. Handy malware domains lists by Ponyegg · · Score: 5, Informative

    I work in online advertising, specifically I look after a major UK publisher's adservers/ad-delivery. We use the following to keep an eye on identified malware delivering domains:

    http://www.malwaredomainlist.com/mdl.php
    http://www.malwaredomains.com/
    http://www.malwareurl.com/
    http://www.anti-malvertising.com/

  11. So you're telling me that.. by MXPS · · Score: 2, Insightful

    TIME.TRAVEL is finally safe to visit? I'm not buying it.

  12. Spammers use throwaway domains by mysidia · · Score: 5, Insightful

    It is more expensive to register domains on a "premium" TLD. Since fewer domains are registered on the TLDs, there will be fewer used by spammers.

    Because people black list domains used by spammers; URI-based blacklists, and RHS blacklists that blacklist by domain name. Spam filters start to recognize them, in any case.

    So spammers register thousands of domains at the cheapest prices available (probably using stolen cards or multiple shell companies)

    .NET and .COM are probably the cheapest TLDs to register throwaway domains on.

    It follows, that spam might be reduced, with greater costs or qualifications to register a domain.

    I for one would be in favor of a "paper" requirement.

    ICANN should require that every domain have a primary 'contact address' verified by the registrar that is listed in public WHOIS.

    ICANN should require registrars to verify BY PAPER certified+restricted mail to each new primary contact address, which must be an address in a country the registrar does business in, and may not be a PO Box or forwarded address.

    The registrant should be required to SIGN a document mailed, and send it back, before the domain can be placed in the zone. And the signature must match the signature on the mail slip.

    The slip signed must include a statement agreeing to the ICANN policies, and certifying that the signer is the principal, and the address provided belongs to the principal who owns the domain, and not a proxy, agent, or designee.

    And from then on, that 'contact information' can be used by the owner of THAT account to designate as the org contact for domains registered or transferred. Using a different contact for a domain, requiring going through verification again.

    For a minor inconvenience, spammers could be stopped.

  13. Risk of WHAT? by Sloppy · · Score: 2, Insightful

    Risk of what? Risk of "falling in" and coming out of your trance 3 hours later with 20 new browser tabs open? tvtropes and wikipedia are both .orgs, so I bet .org is the riskiest TLD.

    It's pretty funny: even if you RTFA it doesn't really say what the risk is. The fact that they quote McAfee implies that they're talking about a risk of Windows users deciding to download and install malware from websites, but this isn't actually stated.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  14. Surely by ninjacheeseburger · · Score: 3, Interesting

    I would of thought .gov would be the safest domain.

    1. Re:Surely by John+Hasler · · Score: 5, Funny

      Are you kidding? Visit irs.gov and a third of your income vanishs.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:Surely by SheeEttin · · Score: 2, Funny

      And ~5% of your vowels, it seems!

  15. Re:Don't give ICANN/domain registrars any ideas! by wastedlife · · Score: 3, Funny

    They can be hacked or host 3th party content (ADs?!)

    OH NOES!!! Not the dreaded thirth party content!

    Sorry, I couldn't help it. I'll probably fulfill Muphrey's law in some way with this post anyway.

    --
    Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
  16. Re:Don't give ICANN/domain registrars any ideas! by CastrTroy · · Score: 3, Informative

    HTTPS certs don't verify that the site is safe. They only verify that you're transmitting information to the specified site, and that only the specified site can read it. There's no guarantee that the site you're communicating with won't contain malware. Actually, the fact that they have a cert may make it easier for them to install malware since they can send you signed active X controls, and other great things.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  17. Re:Nice editing, again by koreaman · · Score: 2

    There is a difference between registering a domain name and paying for hosting. If you paid $56 to register a .com domain, you got ripped off. If you paid $56 for a year of hosting, you got a great deal...

    --
    Le français vous intéresse?
  18. Any safer and it'd be the death penalty by professorguy · · Score: 3, Insightful

    3. There isn`t even one single spam or other related issue with .bg domain, if someone try to use it for illegal purpuses register.bg will wipe the domain and file official complain to the police.

    So, your website gets hacked and a page is uploaded which delivers malware to visitors. It wasn't your fault, you've kept it patched and backup the logs, but the hackers had a 0-day in their toolkit.

    So now YOU lose your domain and go to jail? Nice system you got there.

  19. Tealeaf statistics, retarded summary by Arancaytar · · Score: 2, Insightful

    With a massive and diverse category like a top-level domain, the only statement you can make is "56% of malicious domains are .com"

    Concluding, from this, that ".com is the riskiest domain" is like saying "people with long hair are the least likely to murder you" based on how many murders are committed by people with long hair. Actually, it fails on two counts: Firstly, 56% of malicious domains end in .com because most domains do. A better measure would be the relative percentage of malicious domains for a given TLD.

    Even that statistic would only say anything about "risk" if you randomly picked a domain under the .com TLD (with perfectly equal chances for each). People don't use the internet like that; they use it by following links from popular sites to other popular sites. One of those neat little obvious-in-hindsight discoveries; there was a small search engine who made it big by using that.

  20. Re:Nice try by corbettw · · Score: 3, Insightful

    Which they aren't doing already?

    Just because one approach wouldn't stop all forms of spam, doesn't mean it couldn't significantly impact spam overall by eliminating one or more vectors.

    --
    God invented whiskey so the Irish would not rule the world.