The .com domain is the riskiest in terms of containing code that can steal passwords or take advantage of browser vulnerabilities to distribute malware, according to McAfee.
The security vendor analyzed more than 27 million Web sites for its report, "Mapping the Mal Web." Under its scoring method, 31.3% of .com websites analyzed are considered risky for malware distribution and attack code. That makes .com the number one riskiest top-level domain (TLD), vaulting it to first place ahead of last year's winner, Cameroon's country code top-level domain, .cm.
In addition to .com, the top five riskiest TLDs according to McAfee are: .info with 30.7% of websites presenting security risks, followed by .vn (Vietnam) at 29.4%, .cm (Cameroon) at 22.2% and .am (Armenia) at 12.1%.
In contrast, the TLDs with the fewest risks are .travel, .edu, .jp for Japan, .cat for Catalan, and .gg for Guernsey, all with .1% or fewer risky Web sites. Overall, McAfee's report indicates that 6.2% of the more than 27 million Web sites analysed pose a security risk, up from 5.8% last year.
"Several factors affect how criminals pick a TLD," McAfee says in its report. These factors include the lowest price, loosely regulated registration processes, and ease of registration since "scammers prefer registrars that allow them to register in bulk," McAfee states. "This is especially true of phishers and scammers who need large volumes of sites to offset the high rate of takedowns by TLD managers."
Vietnam is emerging as an attractive TLD for cybercriminals. "Despite Vietnam's growing allure as a vacation destination, visitors to sites registered in Vietnam (.VN) should consider it a 'no-fly zone'," McAfee suggests in its report.
The ability of registrars around the world to adequately police how domain names are used makes a difference, McAfee says.
Singapore, for example, is said to be improving in terms of stopping abuse of domain names. Lim Choon Si, general manager of the Singapore Network information Centre, is quoted in the report as saying domain-name applicants are required to show appropriate documentation related to categories of .SG, and "when SGNIC receives adverse feedback about the usage of a .SG domain name, it will investigate immediately, work closely with its registrars, and when appropriate, consult relevant agencies to ensure compliance with its registration rules."
SGNIC also works "actively with the international community, including specialized groups in Internet security and stability, to monitor and prevent potential abuse of .'SG' domain names."