McAfee maps out malware hotspots

Security firm McAfee has announced the results of a research report that creates a global map of the riskiest places to surf and search on the internet.

The McAfee SiteAdvisor Mapping the Mal Web report analyses and ranks 265 top-level domains including .jp for Japan, .fr for France and .com.

This global portrait estimates that internet users make more than 550 million clicks to risky websites every month, and that even relatively safe domains like .de for Germany and .co.uk for the UK account for millions of risky clicks.

"McAfee has created a guide book to the web's most dangerous top-level domains," said Mark Maxwell, senior product manager for McAfee's Consumer and Small Business unit.

"When it comes to safety, it turns out that the web is no different than the physical world. There are safe neighbourhoods and safe web domains, and there are places no one should ever visit."

The report provides 'red', 'yellow' or 'green' ratings to sites and search results based on proprietary tests of millions of sites representing more than 95 per cent of the trafficked web.

'Red' ratings are given to risky sites that fail one or more of McAfee's tests for adware, spyware, viruses, exploits, spam, excessive pop-ups or strong affiliations with other 'red' rated sites.

'Yellow' ratings are given to sites which pass McAfee's safety tests but which still have nuisances, such as excessive pop-ups, warranting a user advisory. 'Green' rated sites pass all of these tests.

The most risky large country domains are Romania with 5.6 per cent risky sites and Russia with 4.5 per cent risky sites. These country domains are also the most likely to host exploit or 'drive-by-download' sites.

Some web activities, like registering at a site or downloading a file, are significantly more risky when performed at certain domains.

For example, giving an email address to a random .info domain results in a massive 73.2 per cent chance of receiving spam as a result.

Other results are somewhat more uncertain. For instance, even though the .com domain is only the fifth most risky by rank, its huge popularity magnifies its impact dramatically.

Low or no-cost domain registration and minimal domain oversight appear to drive at least some of the higher levels of risk found at some top-level domains.

For example, one reason the .biz domain may be preferred by spammers is because the domains are available for immediate use, rather than after a typical 24-hour waiting period which is seen as a critical advantage in beating anti-spam services and blacklists.

"For administrators of top-level domains, this study should serve as a wake-up call. Clearly, some countries are getting it right. And the more risky top-level domains now have the role models they need to improve," added Maxwell.

However, other industry heads have questioned the usefulness of the map. Dave Rand, chief technology officer at Trend Micro, said that the problem lies with certain ISPs rather than in specific countries.

Rand believes that it is somewhat unfair to point the finger at a given country when certain service providers in that country may be working hard to eliminate spam and malware infections from PCs connected to their network.

Internet security companies should instead be focusing on "topography, not geography" and working with ISPs to minimise infection and the spread of malware rather than just reactively trying to clean up afterwards.

Copyright ©v3.co.uk

hotspotsmalwaremapsmcafeeoutsecurity