When it comes to the websites used by attackers to host malicious code or bump unsuspecting visitors onto their botnet, choosing a way to procure or exploit any given website must be challenging with so many options.
Scammers sometimes use rogue domain name registrars to just steal websites outright. But according to a new study from McAfee, many scammers are also pursuing a free-market approach -- serving up malicious code from websites with domain names registered in countries with low prices, easy registration and relatively few controls.
The McAfee study examined 27 million websites, and found that the world's riskiest domain is now the top-level-domain workhorse, .COM. In terms of countries, .VN (Vietnam) is the single riskiest domain, with 29% of its registered websites ranking as risky. That's an increase from just 1% of its websites posing a risk last year. Cameroon's .CM, Armenia's .AM and the Cocos Islands' .CC round out the list of riskiest domains.
Vietnam's shift highlights attackers' flexibility. "This report underscores how quickly cybercriminals change tactics to lure in victims and avoid being caught," said Paula Greve, director of web security research for McAfee Labs. "Last year, Vietnam's .VN was a relatively safe domain, and this year it jumped to the third most dangerous domain. Cybercriminals target regions where registering sites is cheap and convenient and pose the least risk of being caught."
Meanwhile, another one of the year's riskiest domains, Cameroon (.CM), likely jumped to prominence, she said, over a typo. Omit a letter from your favorite .COM website's address, and you may land at a malicious website serving up malware via drive-by downloads that exploit known vulnerabilities. Bingo, your PC silently joins a botnet.
One fat-finger workaround is to search for domain names via Google. But Google isn't 100% safe either, thanks to concerted efforts by attackers to poison its search results.
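Defenders can look for the .COM-to-.CM slip described above in DNS or proxy logs. The sketch below is an added example, not taken from the McAfee report or this article; it generalizes the check to any single dropped letter, and the domain lists in it are constructed sample data.

```python
# Added example. KNOWN_GOOD and OBSERVED are constructed sample data.
KNOWN_GOOD = {"example.com", "mail.example.com", "examplebank.com"}
OBSERVED = ["example.com", "Example.CM.", "exmple.com",
            "mail.example.cm", "examplebank.co", "unrelated.vn"]


def single_omissions(domain):
    """Every string formed by deleting exactly one non-dot character."""
    return {domain[:i] + domain[i + 1:]
            for i, ch in enumerate(domain) if ch != "."}


def build_lookup(known_good):
    """Map each one-letter-short variant to the domain(s) it imitates."""
    lookup = {}
    for good in known_good:
        for variant in single_omissions(good):
            if variant not in known_good:  # a listed domain is never a typo
                lookup.setdefault(variant, set()).add(good)
    return lookup


def classify(hostname, known_good, lookup):
    """Return (verdict, imitated_domains) for one logged hostname."""
    host = hostname.strip().lower().rstrip(".")
    if host in known_good:
        return "ok", []
    targets = sorted(lookup.get(host, ()))
    if not targets:
        return "unknown", []
    # Dropping a letter from "com" yields cm, co or om: the typo lands in
    # a different TLD. Otherwise the letter was dropped from the name.
    same_tld = any(host.rsplit(".", 1)[-1] == t.rsplit(".", 1)[-1]
                   for t in targets)
    return ("name-omission" if same_tld else "tld-omission"), targets


def scan(observed, known_good=KNOWN_GOOD):
    """Return only the hostnames that look like one-letter-short typos."""
    lookup = build_lookup(known_good)
    findings = []
    for host in observed:
        verdict, targets = classify(host, known_good, lookup)
        if verdict.endswith("omission"):
            findings.append((host, verdict, targets))
    return findings


if __name__ == "__main__":
    for host, verdict, targets in scan(OBSERVED):
        print(f"{host:20} {verdict:14} imitates {', '.join(targets)}")
```

A match means only that the hostname is one keystroke short of a listed domain; whether the site behind it is malicious still needs a reputation or content check.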