More than five per cent of the sites on the web could cause security risks, according to the third annual State of the Mal Web report from security giant McAfee.
The firm scanned 27 million websites and 104 top level domains (TLDs) using its SiteAdvisor and TrustedSource technology, and judged that 5.8 per cent pose a security risk – more than 1.5 million risky web sites.
While not exhaustive, the report is a good snapshot of the state of malware on the web. Last year's most risky domain, Hong Kong's .hk, dropped to 34th spot following a clampdown on dubious registrations, while the world's most popular, .com, jumped from ninth to second most dangerous. Cameroon's .cm was judged the most dangerous.
“This report underscores how quickly cyber criminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer,” said Mike Gallagher, chief technology officer for McAfee Labs.
“Cyber criminals target regions where registering sites is cheap and convenient, and pose the least risk of being caught.”
Cameroon's .cm domain has long been popular with domain name scammers, or typosquatters, who register sites with the intention of getting traffic from unsuspecting users who mistype '.com'.
These sites are either monetised with online ads or infected with malware and other potentially unwanted programs, said McAfee.
Over a third of .cm's were found to pose a security risk.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
