A warning about the "shadiest neighborhoods" on the web
If you want to stay out of trouble on the web, you had better avoid websites ending in .zip and .review as well as several others that are bastions of suspicious activity.
That is the finding of a new report from enterprise security firm Blue Coat. It came up with the 10 top-level domains (TLDs), the end part of a web address, that were most associated with suspicious websites.
The report found that 100 percent of the websites in Blue Coat's database with the top-level domains of .zip and .review were suspicious. The other eight, including .country, .kim, .cricket, .science, .work, .party, .gq (Equatorial Guinea) and .link, were not much safer, with 96.98 percent to 99.97 percent of the websites they hosted deemed untrustworthy.
Many of the "shady" domains are used solely "for the purposes of scams and spam," the report concluded, noting that the list wasn't complete since it only included information from Blue Coat's database, not every website in existence.
"Due to the explosion of TLDs in recent years, we have seen a staggering number of almost entirely shady web neighborhoods crop up at an alarming rate," Hugh Thompson, Blue Coat's chief technology officer, said.
This, in turn, provides "increased opportunity for the bad guys to partake in malicious activity," he said. "In order to build a better security posture, knowledge about which sites are the most suspicious, and how to avoid them, is essential for consumers and businesses alike."
Blue Coat analyzed hundreds of millions of web requests from more than 15,000 businesses and 75 million users to create its report, "The Web's Shadiest Neighborhoods." A domain was counted as shady if it was heavily associated with spam, malware or phishing.
For example, in case of the domain .kim, the researchers discovered websites serving up pages that mimic popular video and image sites and prompt unprotected visitors to unwittingly download malware.
In a blog post on Blue Coats site, the company also singled out the .science domain for hosting sites such as "bittersharks.science," which it noted is not about angry sharks but is instead "a scammy Chinese weight-loss site." There were also questionable e-book sites with the .science domain and several that promoted academic plagiarism, offering custom-written essays for sale, it said.
On the flip side, the report identified what it said were the 10 safest domains. The safest was .mil (military) followed by .jobs, .ck (Cook Islands), .church, .gov, .gi (Gibraltar), .tel, .kw (Kuwait), .london, and .jp (Japan).
The report found that less than 2 percent of websites with these domains were shady, though it cautioned that some might have made the list because they had so few sites in Blue Coat's database. Several of those like .mil and .gov were safer, partly because of of the vetting process for the person buying the domain.
"On some of the good ones, there is usually a set of qualifications to be able to buy a domain. It's not just being able to have a valid credit card that can you charge $18 bucks on and you buy one of these domains," Thompson told CBS News.
"The average person off the street can't go and buy a .mil domain," he explained. "You have to be associated with the government. The registrar that controls that has a bunch of criteria on who you have to be. As a result of that, it's an incredibly safe TLD."
The proliferation of shady sites has been fueled by a huge increase in the numbers of top-level domains. In the early days of the web, there were only a handful to choose from including com, .net, .edu and .gov, as well as some "country code" domains like .FR (France), and .JP (Japan). But since 2013, Blue Coat said the number of domains began to rise to meet growing demand, and now has reached more than a thousand.
"For the average person, it's incredibly confusing," Thompson said.
"I think about my mom. She barely knows of how the Internet works and she knows how to get to a few sites," he said. "When you start saying that, 'Hey it's OK if they don't have a .com or .org at the end of them,' it gets harder and harder for her to develop even a sense of danger ... Maybe it's the first time a person has seen a .church at the end of a URL. It leads to some confusion, at least initially, and confusion is the breeding ground of hackers and misdeeds."
To protect yourself, Blue Coat suggest business and consumers take a number of measures including blocking traffic to the riskiest domains and refraining from clicking on links that contain these domains if they encounter them in search results, emails or on social networking sites.
The company also suggested computer users install security software that would protect against such things as malware.
"If you can have a technology safety net sitting behind you that is making judgment calls based on real data, that is obviously the best way to go," Thompson said, adding that users still need to be aware that there are good and bad sites out there on the Internet.
"Just be aware that there are bad neighborhoods online," he continued, comparing it to a bad neighborhood in the a big city. "You take a wrong turn in New York City and there is graffiti on the walls and a trash can on fire. That is kind of not a great turn you made and maybe you should get out of there."