The proliferation of new Web addresses has created a free-for-all as cyber criminals race to spread malware or steal personal information with new sites, researchers say.
More than 95 percent of websites in 10 different top-level domains (TLDs) — such as .zip and .review — are rated as suspicious, according to study released Tuesday by cybersecurity firm Blue Coat.
In the early days of the Internet, there were only six common TLDs, or “neighborhoods,” including the ubiquitous .com, .org, .gov and a handful of country domains, such as .fr in France or .jp in Japan.
Since 2013, however, the number of TLDs has skyrocketed, with more than one thousand in June.
Because whoever owns a given TLD is responsible for maintaining the security of that neighborhood, they have proved fertile ground for those looking to purchase domain names to spam users, spread malware or conduct phishing campaigns.
“Ideally, all of these new registries would exercise the same level of caution in who they allow to purchase domains in their new space,” researchers wrote. “But many do not, and the Bad Guys know where to shop.”
Researchers looked at tens of millions of sites, finding that a full 100 percent of sites hosted in .zip and .review TLDs are untrustworthy.
ICANN, the organization that manages Internet domains, voted to remove many of the restrictions on generic TLD names in order to promote innovation and competition in the digital space.
The group began accepting applications for new TLDs in 2012.