It’s no surprise to anyone familiar with web security that China’s domain, .cn would be near the top of the list of riskiest domains to surf when on the web. McAfee recently released their 2009 Mapping the Mal Web report, and China came in 2nd behind Cameroon as the 2nd riskiest domain. Other Asian domains making the top 5 included Samoa and the Philippines. What was surprising was that Japan topped the list of the safest country domains. Other Asian domains considered safe included Taiwan, Vietnam, Indonesia, and Malaysia. Singapore had the largest drop in safety moving from 67 last year to position 10 this year in the risky domains list. Among the other risky Asian domains were Hong Kong, South Korea, Laos and India.
While this list is interesting, you do need to be careful not to take this list as the end-all and be-all of which web sites to visit. As Mike Gallagher, CTO for McAfee labs said: “This report underscores how quickly cybercriminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer. Cybercriminals target regions where registering sites is cheap and convenient, and pose the least risk of being caught.”
To give you an idea of how risky some domains were in 2009, if you visited a domain ending in .cn (China), you had an 18.6% chance of downloading a virus or other malware versus only a 0.5% for visiting a domain ending in .jp (Japan). Well known websites aren’t safe from malware either. McAfee’s last word on the matter:
Additionally, we continue to see infections of legitimate websites via SQL injection, domain hijacking and cross-site scripting. These often ephemeral infections can still result in massive drive-by exploitations that infect a web server—and the consumers who visit it—without the knowledge of the consumer, webmaster, or registrar.
So be safe when surfing the web and run some anti-malware package, no matter which website you visit.