Tag Archives: spamhaus

These are the worst domains for harboring malware

Posted on by
By IDG News Service | PCWorld

Generic top-level domains (gTLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones.

Spamhaus, an organization that monitors spam, botnet and malware activity on the Internet, has published a list of the world’s top 10 “worst TLDs” on Saturday. What’s interesting is that the list is not based on the overall number of abusive domains hosted under a TLD, but on the TLD’s ratio of abusive domains compared to legitimate ones.

Over the years, lists of spam-friendly top level domains have typically had .com, .net and .org at the top. However, a TLD’s trustworthiness ultimately relies on the ability of the organization that manages it — known as the registry — to police its name space and to enforce rules for its resellers, the registrars.

If, for example, 1 percent of all .com domains were used for malicious activity, one could say that the .com registry, Verisign, is doing a relatively good job at keeping the abuse rate down. The problem is that because the .com TLD is so large, its 1 percent might represent more malicious domains than in a much smaller TLD where the rate of abusive domains is actually 50 percent.

Therefore, comparing good-vs-bad ratios is a better way to determine which registries care more about their TLDs’ reputation, something that ultimately affects their legitimate customers.

“Spam and other types of abuse continue to plague the Internet because bad actors find it very cheap and very easy to obtain thousands of domain names from the Top Level Domain registries and their resellers, the registrars,” Spamhaus said in a blog post. “A few registrars knowingly sell high volumes of domains to professional spammers for profit, or do not do enough to stop or limit spammers’ access to this endless supply of domains. These registrars end up basing their entire business model on network abuse.”

Based on Spamhaus’ data, some of the generic TLDs that have been created in recent years thanks to ICANN’s relaxed policies are not doing enough to stop abuse. This could be either because they’re inexperienced at tackling such issues or because they care more about revenue than a clean Internet.

At this time, Spamhaus’ 10 Worst Top Level Domains list looks like this: .download with 76 percent bad domains; .review with 75.6 percent bad domains; .diet with 74.3 percent bad domains; .click with 72.4 percent; .work with 65 percent; .tokyo with 51 percent; .racing with 50.8 percent; .science with 49.9 percent; .party with 45.3 percent and .uno with 42.5 percent.

Some TLD owners claim that it’s up to resellers to deal with cases of domain misuse and policy violations, but if they don’t force those resellers to take action, nothing will change, Spamhaus said. “A good number of the TLDs succeed in keeping spammers off their domains and work to maintain a positive reputation; this shows that, if they wished to, any TLD registry can ‘keep clean’.”