Explosion of top-level domains opens up new security risks for web users

New, privately owned top-level domains come with exciting new security risks

The plethora of new top-level domain names has opened up users to a range of new online security risks, according to security company Blue Coat Systems.

"Over the past two years, there has been an explosion of new neighbourhoods on the web, many of which are neither safe nor friendly," it warns.

Since 2013, however, when ICANN auctioned off as many as 600 new top-level domains, taking the total to around 1,000 and earning ICANN $60m in the process, the dangers have multiplied, claims Blue Coat. "As the number of TLDs has increased, so have the opportunities for attackers," it claims in its report.

The problem, it continues, is that these new neighbourhoods, although effectively private fiefdoms, aren't necessarily strictly policed. "Ideally, TLDs would all be run by security-conscious operators who diligently review new domain name applications, and reject those that don't meet a stringent set of criteria. The reality for many of these new neighbourhoods is that this is not happening."

Dodge City: The web's "shadiest" neighbourhoods...

Rank   TLD name            % of "dodgy" sites
1      .zip                100%
2      .review             100%
3      .country            99.97%
4      .kim                99.75%
5      .cricket            99.57%
6      .science            99.35%
7      .work               98.2%
8      .party              98.07%
9      .gq (Eq. Guinea)    97.68%
10     .link               96.98%

According to Blue Coat's analysis, the main security risks arising from sites on the new TLDs include spam, scams of various kinds, and the propagation of "potentially unwanted software". Out-and-out malware, botnets and phishing were less common.

"Shady TLDs are providing fertile ground for malicious activity. Most of these websites are being leveraged by attackers in spam and scams and to distribute potentially unwanted software. Others are related to search engine optimisation/positioning or other 'junk sites' that would be classified as suspicious," it claims.

Many of the websites hosted on the new TLDs are live for less than 24 hours, and the "explosion of new TLDs has provided a nearly limitless supply of 'One-Day Wonders' for the taking".

It continued: "Sites like buu.kim and newido.kim were recently found to be serving up pages built of obfuscated JavaScript... Most of the content on these pages actually consists of image files, hosted on a malicious site called fourapp.info. Unprotected visitors to these pages are prompted to download malware.

And the safest places to go

Rank   TLD name            % of "dodgy" sites
10     .jp (Japan)         1.95%
9      .london             1.85%
8      .kw (Kuwait)        1.61%
7      .tel                1.6%
6      .gi (Gibraltar)     1.26%
5      .gov                0.96%
4      .church             0.84%
3      .ck (Cook Isles)    0.52%
2      .jobs               0.36%
1      .mil                0.24%

"In a different twist on a fake video attack, the highest-trafficked '.country' site observed by Blue Coat on a day in mid-June was part of a 'shocking video' scam network.

"This increasingly common scam leads visitors to a 'teaser page', usually designed to make them believe they are visiting YouTube, when in reality they are on a fake site that has no legitimate tie to YouTube.

"The non-working video includes fake comments immediately below it from someone wanting to know how to get the video to play, and someone else explaining that you have to 'share' or 'like' the video first, or take an online survey. When visitors follow these instructions, they either divulge personal data in the survey, or the scammers spam their Facebook friends."

To reduce the risks, organisations ought to simply block entire TLDs, advises Blue Coat, although even the supposedly safest TLDs on the web still host tens of thousands of nefarious web sites.
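
As an added illustration (not code from Blue Coat's report or from this article), the sketch below shows what a TLD block looks like when the match is made on the parsed hostname's final label rather than on the URL string. It assumes the block list is the ten TLDs in the "shadiest" table; the function names, paths and the example.com, example.org and 192.0.2.10 entries are constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The ten TLDs in the "shadiest" table above.
BLOCKED_TLDS = {"zip", "review", "country", "kim", "cricket",
                "science", "work", "party", "gq", "link"}

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def host_tld(url_or_host):
    """Return the lower-cased TLD of a URL or bare host, or None if there is none."""
    s = url_or_host.strip()
    if not _SCHEME.match(s):
        s = "//" + s  # make urlsplit parse a bare host[:port][/path] as a netloc
    host = (urlsplit(s).hostname or "").rstrip(".")  # drops port, userinfo, case
    if "." not in host:
        return None  # empty or single-label name
    try:
        ipaddress.ip_address(host)
        return None  # IP literal, no TLD to judge
    except ValueError:
        return host.rsplit(".", 1)[1]

def is_blocked(url_or_host):
    """True only when the host's final label is a blocked TLD."""
    return host_tld(url_or_host) in BLOCKED_TLDS

def triage(requests):
    """Split requests into (blocked, allowed), preserving order."""
    blocked = [r for r in requests if is_blocked(r)]
    allowed = [r for r in requests if not is_blocked(r)]
    return blocked, allowed

# Constructed sample requests; hostnames buu.kim, newido.kim and fourapp.info
# are the ones named in the article, paths and the other hosts are made up.
SAMPLE = [
    "http://BUU.KIM./index.html",
    "newido.kim:8080",
    "http://fourapp.info/img/banner.png",
    "https://example.com/files/report.zip",
    "http://kim.example.org/",
    "http://192.0.2.10/",
]

if __name__ == "__main__":
    blocked, allowed = triage(SAMPLE)
    print("blocked:", blocked)
    print("allowed:", allowed)
```

In the sample, fourapp.info, which the article names as the host serving the images for the .kim pages, passes the filter because .info is not on the list, so a TLD block needs to sit alongside per-site reputation checks rather than replace them.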