Most Risky Domains in the World in 2009

Philippines, Singapore domains among top 10 risky sites in 2009, according to McAfee’s Mapping the Mal Web.

The next time you visit a website, take a closer look at its domain, as it may get you in trouble. I am not talking about surfing adult websites during office hours. I am talking about visiting risky websites that compromise your privacy and data integrity. Say, for example, you are looking to download a torrent file of Lady Gaga’s latest album. You find search results that promise a free torrent download with a fast connection. You download the file but ask yourself: am I downloading malware along with my favorite music?

If the domain extension is .KR (South Korea), the risk is small at 2.8%, but if it’s .RO (Romania), the risk is high at 21%. The latest findings by McAfee reveal these numbers.

Malware growth has skyrocketed in the past years, with recorded issues in the first six months of 2009 almost approaching the entire number of cases of 2008. But there has been a big change in terms of offending domains. Last year’s most risky top level domain, .HK (Hong Kong), fell into 34th place. Replacing .HK on top is .CM (Cameroon) with a weighted risk of 36.7%.

| Country or Name | Risk Ratio |
| --- | --- |
| Cameroon | 36.7% |
| Commercial | 32.2% |
| PR of China | 23.4% |
| Samoa | 17.8% |
| Information | 15.8% |
| Philippines | 13.1% |
| Network | 5.8% |
| Former Soviet Union | 5.2% |
| Russia | 4.6% |
| Singapore | 4.6% |

You ask why South Korean download domains are much less dangerous than their Romanian counterparts? Here are some reasons behind the disparity:

Cheap domains
Scammers love domains that are cheap and come with generous refunds and bulk discounts.

Lack of regulation
Scammers prefer registrars that ask fewer questions, and offer the easiest, fastest and most convenient registration process. These are also registrars who take a long time to act on spam complaints.

Just note that a top level domain (.KR, .PH, .WS) tells us only where a site is registered. The website itself (its content, servers and owners) is often located elsewhere.

What are some of the notable observations? According to McAfee:

  1. Overall, an unweighted 5.8% of all domains we tested for this report were risky. In 2007 and 2008, we found 4.1% of websites to be risky—rated red (avoid) and yellow (use caution). Because of changes to the methods used in this year’s report, however, we cannot say for certain that risk has increased.
  2. Web-based risk remains widely distributed. Seven of the 20 riskiest TLDs were from the Asia-Pacific region, six were so-called generic TLDs like .COM (Commercial), one was from the Americas, two from Africa, and three were from former Soviet republics.
  3. Hong Kong (.HK), which soared in 2008 to become the country TLD with the most risky registrations, dropped dramatically in overall risk to 34th place. Given changes to this year’s methodology, this improvement is even more significant.
  4. Sites registered to TLDs from the Americas are significantly less risky than the web overall, with an average risk of 1.6%. The United States TLD (.US) is the riskiest Americas TLD with a weighted risk of 5.7% and a ranking of 17th worldwide.
  5. Sites registered to Asia-Pacific TLDs are significantly riskier than the web overall, with an average risk of 13.0%. The People’s Republic of China (.CN) is the riskiest TLD in the region at 23.4%. The region also includes Japan (.JP), the web’s safest country level TLD.
  6. Europe, the Middle East, and Africa register, on average, relatively fewer risky sites than the web as a whole at 2.2%. Ireland (.IE) is the region’s least risky TLD.
  7. With a weighted risk of 32.2%, .COM (Commercial—the most heavily trafficked TLD) is the second riskiest TLD and the most risky generic TLD.

Complete reports can be accessed from Mapping the Mal Web.