McAfee Survey Reveals Dodgiest Domains

A security firm claims Hong Kong is home to the Internet's biggest security holes, with 19% of sites using the .hk domain posing a security risk. The country has rocketed up (or down, depending on your perspective) the charts, having been ranked just 28th-most-risky last year.

Second place in this year's study, which looks at 74 domains, went to China, which was 12th last year.

Other countries which performed poorly included Romania, Russia, and the Philippines. Finland was ranked the safest, followed by Japan and Norway.

The survey also looked at the generic domains (such as .com) which aren't country specific. Logically enough, .gov (for governments) proved safest.

McAfee carried out the survey using (and of course promoting) its SiteAdvisor service which ranks sites for safety on a traffic light system. It looked for threats ranging from viruses to excessive spamming. The survey looked at just under 10 million web pages, which McAfee say make up 95% of web traffic. Overall, the survey found that 4.1% of websites worldwide pose a security risk, with 0.1% being the most dangerous type which exploits flaws in browsers such as Internet Explorer or Mozilla Firefox. (Source: latimes.com)

It doesn't appear Hong Kong's webmasters have made a sudden turn for the dark side. The more likely explanation is that regulators have made it easier to register multiple domain names at once, or to fill in registration forms automatically rather than typing the information in manually.

While that makes the registration process simpler for honest site owners, it also makes things much easier for those who are up to no good. In particular, it's useful for 'phishers' who pose as bank staff to try to trick people into revealing account details. As part of their operation, they often register numerous variations on domain names each of which could be mistaken for the genuine site.

The explanation is even simpler in China: domain names there can cost as little as 15 cents each to register in bulk. Last year's 'most dangerous' domain (.tk) was almost entirely down to the government of Tokelau offering free and anonymous registration, a scheme it dropped this year. (Source: networkworld.com)

It's worth remembering that no country's websites are inherently more dangerous than others -- the variation in these statistics is largely down to how easy it is to buy up domain names in the first place. And the differences between last year's study and this year's results show that the people posing security risks don't really care which country's domains they use as long as their scams work.