Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The 10 riskiest Internet domains firewall admins should block

John E Dunn | Sept. 7, 2015
Set your filters – some of the new Internet domains are not ones users should visit, even accidentally.

For years there was nothing much to be said about Internet top-level domains (TLDs). People had heard of .com, .net and perhaps a few of the country-specific suffixes such as, extended over time by a few additions such as .info and the more notorious .xxx and .sex (the latter prompted a book by a former Techworld journalist, Kieren McCarthy, telling the story of one of the most fought-over domains in Internet history but we digress).

By 2013 this change almost overnight as hundreds of new and unfamiliar domain possibilities were approved for use by Internet governing body ICANN as part of its controversial liberalisation programme that to this day many still have doubts about.

There are now more than a thousand TLDs - including famous new examples such as .buzz, .cash, .ceo, .cool, .flights, .paris, .ninja and, infamously, .sucks, used to troll celebrities, politicians and large companies. Plenty of choice then.

New research by security firm Blue Coat offers us an interesting a petty mixed picture of how the new domains possibilities are being used and, sure enough, some of them are being abused on an industrial scale to game search engines and worse.

The firm's top 10 'shadiest' domains, based on the volume of spam, malware botnets and phishing emanating from websites using them, turned up some staggering statistics (see figure 1). According to this sample, 100 percent of two domains (.zip and .review) were being used for entirely nefarious purposes while the rest on the list were only fractions of a percent off this level of criminal saturation.

top 10 shady domains
Click on image to enlarge.

It's an open and shut case that the new domains are being abused although it should also be pointed out that plenty of the old domains were exploited for the same purposes.

One surprise is the appearance of .science on the list, usually used in combination with other domain keywords. Back in March, a blog by the firm found that 96 percent of sites using this domain were dodgy but by August this had reached over 99 percent - what is going on? Blue Coat uncovered a range of scam sites, including Chinese weight loss, mysterious e-books, search engine poisoning with a number of sites offering plagiarized essays for sale.

"Due to the explosion of TLDs in recent years, we have seen a staggering number of almost entirely shady web neighbourhoods crop up at an alarming rate," said Blue Coat CTO, Dr Hugh Thompson.

"The increase in Shady TLDs as revealed by Blue Coat's analysis is in turn providing increased opportunity for the bad guys to partake in malicious activity. In order to build a better security posture, knowledge about which sites are the most suspicious, and how to avoid them, is essential for consumers and businesses alike."


1  2  Next Page 

Sign up for Computerworld eNewsletters.