When I got an email asking if I was interested in learning more about the shadiest neighborhoods on the Web, I had to say yes. Part of that was my own curiosity – there are so many new domains that I have wondered how safe they all are; my go-to reaction since I began writing this blog is to be skeptical of anything unfamiliar. But I also thought this would be important information to share with my readers because so many of you are looking for alternative domains that align more closely with a product or part of your business.
Blue Coat Systems looked at top-level domains (TLDs) – what they refer to as neighborhoods – to see which ones may be most associated with malicious behaviors. Some of them are surprising, as CBS reported:
The report found that 100 percent of the websites in Blue Coat's database with the top-level domains of .zip and .review were suspicious. The other eight, including .country, .kim, .cricket, .science, .work, .party, .gq (Equatorial Guinea) and .link, were not much safer, with 96.98 percent to 99.97 percent of the websites they hosted deemed untrustworthy.
I never would have expected science to be malicious, for instance, but as Blue Coat reported, these domains are used very specifically for scams. The .kim neighborhood, the report found, is used to mirror popular videos and images. When visitors go to this neighborhood and click on the videos or images, they end up downloading malware.
Blue Coat attributed the increase in these shady neighborhoods to the initiative from 2012 that was meant to add lots of new domains. As the report explained:
Each new TLD is under the control of an organization that has to pay a $185,000 evaluation fee to ICANN and also has to prove that it has the infrastructure and expertise to run a new TLD registry.
Ideally, all of these new registries (and all of the country code registries), would exercise the same level of caution in who they allow to purchase domains in their new space -- but many do not, and the Bad Guys know where to shop.
So what can businesses do to prevent being scammed by one of those living in these shady neighborhoods? Blue Coat suggested the easiest thing to do is to make employees aware of the worst domains so they can avoid them at all costs. In fact, those domains should be blocked altogether from the company network. Also, users should be sure to practice safe clicking. The link in an email may not match the one you are actually led to, so take the necessary steps to make sure you are always clicking on a safe site. As Dr. Hugh Thompson, CTO for Blue Coat Systems, said in a release:
The increase in Shady TLDs as revealed by Blue Coat’s analysis is in turn providing increased opportunity for the bad guys to partake in malicious activity. In order to build a better security posture, knowledge about which sites are the most suspicious, and how to avoid them, is essential for consumers and businesses alike.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba