Cameroon Domains (.cm) Most Likely to Host Malware


« 51 Month Prison Sentence for Spammer Ralsky | Main | Mega-D Spam Botnet Disabled »

12/03/2009



Cameroon Domains (.cm) Most Likely to Host Malware

Kevin R. Smith
Co-Editor


An interesting post yesterday on malware statistics at The Register caught my eye: more than one in three (36.7 per cent) of domains registered in the West African country hosting viruses or malicious code.

Cameroon domains are those that end in .cm and are easily arrived at as keyboard typos.

Imagine you've just meant to go to: www.example.com

Instead though, you've just typed: www.example.cm

That missing 'o' in .com in millions of domain names will take you to a different site than what you intended, and in this case, the .cm domain extension belongs to domains that are supposed to be site in and of Cameroon.

This little typo, according to a report called, "Mapping the Mal Web, The World's Riskiest Domains," [.pdf] by McAfee, Inc., makers of McAfee Antivirus,

"may explain why cybercriminals have set up fake typo-squatting sites that lead to malicious downloads or spyware under the country's domain."

It doesn't take a rocket scientist to figure this one out. With such an easy typo and a country not known for Internet security is all it takes to ensnare many unsuspecting computer users.

By setting up a bogus site at domains ending in .cm, the malware and virus writers are easily able to get people to visit their servers that host scripts that can automatically infect your computer with a virus, trojan, keylogger, or other malware.

Unless you're highly technically competent and can setup your own DNS server, the only practical solutions for most consumers is to do all of the following:

1. Keep your computer patched.
A PC with the latest Microsoft Windows updates is significantly harder to infect than an unpatched computer.

2. Don't run as Administrator (or with Administrator privileges.)
By running with a user account with lower permissions, it makes it harder for some viruses and malware to infect your machine.

In contrast, when you run with Admin privileges, you're giving the edge to the viruses, as your account has all the permissions they need to infect your machine, hide themselves, and become even harder to remove.

3. Check your web browser's security settings.
Sometimes, regardless of if you're running Internet Explorer, Firefox, or Opera, when you're web surfing, the default permissions can get in the way of you doing what you need to.

Because of this, you may have altered the default permissions to looser ones than can make it easier--or even enable--these types of malware attacks.

4. Run antivirus firewall software.
Internet security software, including a firewall, antivirus software, and antispyware can help prevent the malware scripts from infecting your machine.

The piece did have some positive news... it looks like Hong Kong is taking things seriously on the virus and malware front:

"Hong Kong (.hk) websites have successfully managed to purge themselves of malware threats – droppings from the most risky domain last year, to a mid-table (34th) position next year.

"This year only 1.1 per cent of .hk sites pose a risk, compared to one in five .hk Web sites setting off warning bells in McAfee's equivalent report last year.

"McAfee credits 'aggressive measures' from .hk’s domain managers in clamping down on dodgy registrations for the drop."

Hats off to the domain registrars in Hong Kong.

Top 10 Riskiest Top Level Domain Extensions1
Rank Country / Name Extension
1 Cameroon .cm
2 Commerical .com
3 China .cn
4 Samoa .ws
5 Information .info
6 Phillipines .ph
7 Network .net
8 Former Soviet Union .su
9 Russia .ru
10 Singapore .sg
1 Data originally published in McAfee's "Mapping the Mal Web, The World's Riskiest Domains," [.pdf]

Comments

You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.