The mind of the average cyber criminal is dark, devious place. These are people who spend considerable time thinking about how they can deceive you, the unsuspecting Internet voyager, for fun and profit.
McAfee, whose business it is to defend against the misdeeds of online malefactors, has just published its third annual “Mapping the Mal Web,” report, which provides insights into which top-level Internet domains (those suffixes at the end of web address, such as the “.com” and “.edu” designations) are the most frequent and likely harbors for malevolence.
For as long as humans use keyboards as a mechanism for alphanumeric communication, typographical errors will be with us. The Internet’s evildoers try to exploit such human frailty, which is why Cameroon’s domain, “.cm,” has risen to the top of the malware charts. All it takes is rushed keystrokes, and one can easily be transported to an Internet tar pit rather than to a desired destination.
That isn’t to say all “.com” sites are safe havens. McAfee finds that the designation for commercial sites ranks second, behind only Cameroon’s domain, as a source of online risk. Whereas McAfee assigns a weighted-risk ratio of 36.7 percent to Cameroon, it gives “.com” a ratio of 32.2 percent. (You can read about McAfee’s methodology, about the weighed-risk ratio, and about caveats associated with the study at the McAfee website hosting the report.)
The news isn’t all bad. Hong Kong (.hk) went from being the top-level domain with greatest number of risky registrations to an overall risk ranking of 34th in this year’s report. While you should never drop your guard completely while online, McAfee says your safest Internet travels will be among the domains associated with government (.gov), Japan (.jp), education (.edu), Ireland (.ie), and Croatia (.hr).
In considering where to register malicious websites, according to McAfee, scammers and hackers account for the following factors: lowest domain prices lack of domain regulatory control and supervision, and ease of registration.
Online malfeasance is a booming business. McAfee says we should not be surprised:
The evolution of malware delivery toolkits has given even the novice hacker the ability to easily create a fake bank site that challenges all but the most careful consumer to tell the difference. The persistence and proliferation of these phishing sites is in itself proof of this; absent of hacker profitability, phishing would disappear. Likewise, the explosion in the use of social networking sites and communication tools has exposed even more consumers to malware authors.
I suppose one could draw some dark inferences about humanity from the criminality manifested online. Then again, what’s new isn’t the evil, nastiness, and wrongdoing by some people against others. That’s been with us from time immemorial. What’s new, of course, is that the Internet has provided a venue in which certain criminal activities can become anonymized, unprecedentedly stealthy and surreptitious.
What this tells us is that even the best anti-malware can only go so far in providing us with online protection. Many Internet criminals are proficient social engineers. It’s incumbent on us all to rely at least as much on our wits as on our firewalls and anti-virus software.
What follows is a color-coded map, excerpted from the McAfee report, ranking countries according to the relative risk of their Internet domains.