You may want to think twice if you hit a site with a .cm extension. That belongs to Cameroon, pegged by McAfee as the world's riskiest domain.
McAfee's third annual "Mapping the Mal Web" report, released Wednesday, looks at riskiest and safest domains across the globe. The small nation on the west coast of Africa reached the top spot this year with 36.7 percent of its sites posing a security risk. Because .cm is often a typo for .com, McAfee said, cybercrooks like to use that domain to set up typo-squatted sites to hit you with malware.
The generic and widely used .com domain itself isn't much safer, according to McAfee, jumping from ninth last year to second this year in riskiness, with 32.2 percent of its sites potentially hazardous to your PC's health.
Romania (.ro) is tagged as the riskiest domain for malicious downloads, with 21 percent of its sites delivering payloads of viruses, spyware, and adware. The information (.info) domain is seen by McAfee as the most "spammy," with 17.2 percent of its sites generating junk mail.
On the positive side, the government (.gov) is the safest generic domain with essentially 0 percent risk, while Japan (.jp) proved the safest country domain with a rating of only 0.1 percent. Last year's riskiest domain, Hong Kong (.hk) dropped to 34th place with a risk rating of only 1.1 percent, which McAfee attributed to the country's aggressive steps to stop scam-related domain registrations.
"This report underscores how quickly cybercriminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer," Mike Gallagher, chief technology officer for McAfee Labs, said in a statement. "Cybercriminals target regions where registering sites is cheap and convenient, and pose the least risk of being caught."
Overall, looking at 27 million Web sites and 104 top-level domains, McAfee found that 1.5 million sites, or 5.8 percent, were risky. That's up from 4.1 percent from the past two years, although the comparison is not direct since McAfee said it changed its rating methodology since then.
McAfee noted that cybercriminals who create domains to scam people prefer registrars with cheap prices, volume discounts, and hefty refund policies. Crooks also like registrars with a "no questions asked" policy and that act slowly or not at all when informed of malicious domains.