A recent surge in the number of Web domains -- beyond the traditional URL endings such as ".com," ".org," ".net" and ".gov" -- could create more ways for cyberattackers to reach Internet users, a new report suggests.
The Web domains most often associated with malicious activity (such as spam, phishing campaigns and attempts to install malware) include ".zip" and ".science," according to a report from Sunnyvale, California-based information security company Blue Coat. Internet users should consider blocking those domains altogether, Blue Coat recommended.
The domains least often associated with malicious activity included ".mil" and ".gov," the report said.
The explosion in the number of top-level domains means operators can't always ensure sites are given to conscientious groups, Blue Coat malware research team leader Chris Larsen told Nextgov in an interview.
"It could be that the bad guys just never thought to try to register domains," Larsen said. But less common domains could appear to be more legitimate links, especially to unfamiliar Internet users, and malicious actors could also be finding cheaper registration fees for sites on these domains.
Domains to block entirely, according to Blue Coat, are:
These domains have hundreds or thousands of websites associated with them, and less than 5 percent of sites associated with them rated as "normal," according to Blue Coat's records. They often include links with spam campaigns, for instance, or image files that prompt users to download malware.
A set of ".country" sites were part of a recent video scam campaign. Facebook users were lured into clicking on a link promising a "shocking video" that directed them to a site modeled after YouTube. They were then asked to "share" or "like" the video first, propagating the spam link for other Facebook users.
Blue Coat researchers also recommended that in addition to blocking "shady" domains, users hover their mouse over links to verify they lead to trusted domains.
The safest domains -- those with less than 2 percent of sites associated with malicious activity, according to the report -- included:
- .jp (Japan)
- .kw (Kuwait)
- .gi (Gibraltar)
- .ck (Cook Islands)
For those with sites on those domains -- especially government sites -- Larsen recommended taking extra care to preserve the credibility of those sites.
"'Dot-gov' and 'dot-mil' are really safe spaces," he said. "'Dot-com' is generally OK, but there are plenty of places out there that have government- or military-related stuff that aren't on dot-gov or dot-mil sites. The more specialized the information you're looking for, the more likely it is you should stay in a dot-gov or a dot-mil space."