Sites were listed as risky if they exhibited excessive pop-ups, triggered phishing attacks, attempted to perform drive-by downloads, triggered spam, or were affiliated with other sites that were themselves considered risky. Exploit code was found on only 0.07% of all sites, or about the same rate as last year.
The overall Web average was 4.1%. The generic .com sites had a rate of 5.26%, which is bad enough. The .info domain posed the biggest risk among high-level domains, with 11.73%. Safest were the .gov sites, with a rate of only 0.05%. Even that, however, is sad, since those sites are typically government-owned, and previous surveys showed a risk rate of zero.
Among the geographic domains, the worst afflicted were the Hong Kong (.hk) sites, where 19.2% presented risks. Chinese sites (.cn) had a risk rate of 11% and Philippine sites (.ph) were 7.7% risky. In all three locations the rate of computer ownership has probably exceeded the rate of security awareness.
As for what can happen when you let your guard down, consider the case of the tiny New Zealand-run Pacific island territory (1,400 inhabitants) of Tokelau. The risk rate associated with its .tk domain amounted to 10.1% last year, but plunged to 1.43% this year after its domain registrar (located in Holland) stopped offering free unlimited anonymous site registration. (Reportedly, the registrar fees paid to the island make up 10% of that territory's revenues.)
Do your part. Be secure. Stay off the list.
Go to the bMighty Server How-To Center