Ten top-level domains are to blame for at least 95 percent of the websites that pose a potential threat to visitors

Wouldn’t it be convenient if all the spam and malware sites were all grouped together under one top-level domain — .evil, say — so that they would be easy to avoid? According to a new study from Blue Coat, there are in fact ten such top-level domains, where 95 percent or more of sites pose a potential threat to visitors.

The worst offenders were the .zip and the .review top-level domains, with 100 percent of all sites rated as “shady,” according to the report.

The report is based on an analysis of tens of millions of websites visited by Blue Coat’s 75 million global users. In order to protect its customers, Blue Coat has a database where it ranks websites on whether they have legitimate content, or malware, spam, scams, phishing attacks or other suspicious behaviors.

“I don’t think I’ve ever personally found a legitimate .review site,” said Chris Larsen, malware research team leader at Sunnyvale, Calif.-based Blue Coat Systems, Inc.

Four more top-level domains had 99 percent malicious sites — .country, .kim, .cricket, and .science.

Larsen recommends that companies block all traffic to the worst-rated domains.

Another way that scammers take advantage of some of the new top-level domains is through cyber-squatting.

Several large US companies have been hit by extortionists registering, for example, .sex versions of their domains and offering them back to their targeted companies at an inflated price.

“The bad guys could use these in very misleading ways,” he said.

However, neither Congress, nor the FTC, nor ICANN nor IANA took any measures to address this.

“It was hot-potatoed back and forth,” Larsen said.

The reason some top-level domains are so much worse than others is that not all registrars do a good job at filtering out spammers and scammers.
“They gravitate to places where they can get free or very cheap domains, no questions asked,” he said.

The domain registrars themselves need to put better controls in place to make it more difficult for malicious users to set up domains. But there isn’t much pressure on them to do so, Larsen added.

“No one is minding the store, as far as we can tell,” he said.

Blue Coat started publishing reports on individual top-level domains at the beginning of the year, and so far only one — .xyz — has taken steps to start cleaning things up.

“We have agreed to start sharing some data back and forth with them, and I’m hopeful that will reduce the number of bad .xyz domains that show up,” he said.

The number of TLDs has exploded recently — between 1985 and 2012, the number of TLDs grew slowly, from five to 22. Today, according to ICANN, there are 1,054 top-level domains. And ICANN — the Internet Corporation for Assigned Names and Numbers — plans to allow more such domains in the future.

The top one, .com, accounts for 43 percent of all websites, and the next 13 top-level domains account for another 38 percent. The other 1,040 top-level domains see less than 1 percent of site registrations each — adding up to 19 percent of all remaining domains.

Of the top ten most dangerous top-level domains, the one with the most website registrations, according to ICANN, is .science, a new top-level domain with 324,833 registrations.

The reason it’s so popular? Back in March, according to Blue Coat, the registrar was giving away domains for free. As a result, of the top 200 most trafficked .science sites, 96 percent were shady, mostly spam.
Since then, the percentage of shady sites has risen to 99 percent.

That might change — register.science has stopped giving away free domains and is now charging $16 each.

Other domain registrars have kept things clean right from the start.

The top-rated .mil top-level domain, for example, has very few shady sites — just 0.24 percent of all domains in the Blue Coat database.

“They’re paying attention to what’s in their neighborhood, and they do some checking,” he said.

The other nine least-shady top-level domains are .jobs, .ck (Cook Islands), .church, .gov, .gi (Gibraltar), .tel, .kw (Kuwait), .london and .jp (Japan).

Chart: Top 10 most evil top-level domains:

1: .zip, 100 percent evil
2: .review, 100 percent evil, 45,304 domains
3: .country, 99.97 percent evil, 5,442 domains
4: .kim, 99.74 percent evil, 8,913 domains
5: .cricket, 99.57 percent evil, 27,723 domains
6: .science, 99.35 percent evil, 324,833 domains
7: .work, 98.20 percent evil, 68,144 domains
8: .party, 98.07 percent evil, 206,914 domains
9: .gq (Equatorial Guinea), 97.68 percent evil, 69,437 domains
10: .link, 96.98 percent evil, 150,595 domains

Source: Blue Coat, ICANN
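
Blocking by top-level domain, as Larsen recommends, means matching on the last label of the destination host rather than on the URL string, so a download named backup.zip on a .com site is not caught. The following is an added example, not code from Blue Coat or the original article, applying the ten TLDs in the chart; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The ten worst-rated TLDs from the chart in this article.
SHADY_TLDS = frozenset({
    "zip", "review", "country", "kim", "cricket",
    "science", "work", "party", "gq", "link",
})
_HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def host_tld(target):
    """Return the lowercase TLD of a URL or host[:port], or None."""
    target = target.strip()
    if not _HAS_SCHEME.match(target):
        target = "//" + target  # urlsplit needs "//" to see a host
    try:
        host = urlsplit(target).hostname  # drops userinfo, port, case
    except ValueError:
        return None  # malformed bracketed host
    if not host:
        return None
    host = host.rstrip(".")  # "example.zip." is the same name
    if "." not in host or ":" in host:
        return None  # single label or IPv6 literal
    tld = host.rsplit(".", 1)[1]
    return None if tld.isdigit() else tld  # skip IPv4 literals

def is_blocked(target):
    """True when the destination host sits under a listed TLD."""
    return host_tld(target) in SHADY_TLDS

def blocked_targets(targets):
    """Filter an iterable of requested URLs/hosts down to the blocked ones."""
    return [t for t in targets if is_blocked(t)]

# Constructed sample requests (not real sites or log data).
SAMPLE = [
    "http://promo.example.REVIEW/win",       # mixed case
    "https://files.example.com/backup.zip",  # .zip is a file, not a TLD
    "updates.example.science:443",           # CONNECT-style host:port
    "https://zip.example.org/",              # "zip" as a label only
    "http://example.party./",                # trailing root dot
    "http://192.0.2.10/review",              # IP literal
]

if __name__ == "__main__":
    for hit in blocked_targets(SAMPLE):
        print("BLOCK", hit)
```

The same last-label comparison applies whether the policy is enforced at a web proxy or a DNS resolver; only the input format changes.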