[ISN] Hong Kong named 'most dangerous' Net domain

From: InfoSec News (alerts@private)
Date: Thu Jun 05 2008 - 00:25:30 PDT


By Steven Schwankert
IDG News Service
June 4, 2008

Hong Kong's ".hk" is now the world's most dangerous domain for surfing 
and searching, according to a report released Wednesday by security 
company McAfee.

The Hong Kong Special Administrative Region (SAR) moved from number 28 
in 2007 to the top of the company's "Mapping the Mal Web" survey, edging 
out its northern neighbour China's ".cn," which placed second. Finland's 
".fi" was the safest, followed by Japan's ".jp."

Just over 19 percent of ".hk" contain malware, viruses, have a high rate 
of spam or feature aggressive pop-up ads, McAfee said, as determined by 
a survey of 74 top-level domains using its SiteAdvisor software. Over 11 
percent of ".cn" sites for China were similarly found to be dangerous. 
Comparatively, only 0.05 percent ".fi" sites were found to be hazardous.

However, one Hong Kong-based security analyst said the survey did not 
demonstrate any real risk as emanating from the SAR.

"McAfee are only looking at the top-level domain bit, they are not 
looking at the location of the server," said Richard Stagg, director and 
managing consultant at Handshake Networking, a vendor-independent 
security consultancy. "They're not paying attention to where sites are 
actually hosted."

The report is also not specific on the degree of "badness" of the sites 
using the ".hk" domain, Stagg said, as McAfee puts risks such as malware 
and annoyances like pop-up ads together.

Malware purveyors and spammers choose their top-level domain 
registrations based in part on where it is difficult to get a domain 
name shut down, Stagg said. There are "huge, huge numbers of organised 
crime websites and porn websites are registered with .cn domains, but 
most of them are not hosted in China," he said.

Purveyors of malware and spam choose top-level domains in part based on 
how difficult it is to shut those domains down. For example, the US 
Federal Bureau of Investigation can ask Network Solutions to close a 
.com domain, hosted in the US, within days, Stagg said, whereas it would 
have no jurisdiction with foreign domain registrars.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Thu Jun 05 2008 - 00:44:16 PDT