Free domain registrations help spread malware

Cheap or free registration of new domain names helps foster Web sites used for hosting malware

Cheap or free registration of new domain names drives the growth in Web sites used for spamming or hosting malicious software, according to research from McAfee.

The study, released Monday, highlights continuing problems concerning how Web sites are registered and the ease with which bad actors can change Web sites to continue online scams.

McAfee analyzed 8.1 million of the world's most trafficked Web sites registered on 265 top-level domains (TLDs), such as ".com" and ".biz" along with country-specific ones, such as ".jp" for Japan.

McAfee offers a free tool, SiteAdvisor, that determines if Web sites send spam, host bad programs or have excessive pop-ups. McAfee, which bought SiteAdvisor in April 2006, also offers a pay version with more advanced features.

Small islands with their own TLDs remain troublesome. For example, some 18.5 percent of Web sites registered under the ".st" TLD are considered "risky" for either spam or other malicious activity, McAfee said. The TLD belongs to Sao Tome and Principe, a country of two volcanic islands west of Gabon.

Tokelau (.tk), a territory of New Zealand in the south Pacific, and Niue (.nu), also in the south Pacific east of Tonga, give out domains for free. That's good for scammers, who often need to register new domains as older ones are blocked by security software.

Niue also allows anonymous registration of Web sites. Nine years ago the country declared "no tolerance" policy against spammers, but McAfee said it wasn't a deterrent.

The safest TLDs belong to countries with stronger registration rules. Japan, Ireland, Sweden and Finland require a local postal address, while businesses in Norway have to register with the government to get a ".no" domain. Consequently, McAfee found the lowest percentage of bad Web sites in those domains.

Australia and Canada, McAfee said, require a local contact for registration, which often deters spammer since registrations take more time.

The ".info" domain ranked first among generic TLDs for its percentage of risky sites, at 7.5 percent, McAfee said. The domain also hosts many Web sites that send "spammy" e-mail, the vendor said.

SiteAdvisor submits an e-mail address to Web sites and counts how many e-mails are received. Users have a 73.2 percent chance of receiving a spam e-mail by giving their address to a random ".info" site, McAfee said.

The ".com" domain -- created in the 1980s -- came in second for risk, with 5.5 percent of its Web sites considered questionable, McAfee said.

Join the newsletter!

Error: Please check your email address.

More about McAfee AustraliaNU

Show Comments

Market Place