Most abused TLDs in January 2010

The last statistics set is about the top level domains which got used most for hosting phishing sites and malware. There are some interesting observations.

Phishing Malware
# Top-Level-Domain % Deviation in % from December 2009 Top-Level-Domain % Deviation in % from December 2009
1 .com 51.56 -13.71 .com 57.71 42.13
2 Others 13.36 100.0 IP Address 8.02 99.56
3 .net 7.43 -34.14 Others 6.92 100.0
4 IP Address 4.79 99.7 .cn 6.66 -96.26
5 .org 3.71 -8.86 .net 4.94 -2.05
6 .pl 3.54 -165.69 .org 2.97 -58.43
7 .ru 3.02 -90,74 .info 2.67 27.95
8 .uk 2.10 -260.94 .kr 2.50 42.46
9 .kr 2.03 17.03 .ru 2.27 -67.18
10 .br 1.83 36.23 .br 1.14 -1.71
11 .fr 1.55 -3.18 .in 0.89 63.48
12 .de 1.24 38.94 .cc 0.74 59.47
13 .vc 1.11 99.50 .de 0.73 -66.31
14 .ar 0.99 70.56 .it 0.64 9.70
15 .cz 0.97 -2.26 .pl 0.62 25.16
16 .info 0.79 -55.86 .uk 0.56 8.28

As you can see, there is significantly less malware hosted in China. This is the desired effect of the changes in the registration process for chinese domains which were coming into effect a short time ago in the middle of December 2009.

Many of these phishing and malware URLs now point directly to IP addresses instead to a proper full qualified domain name.

Sorin Mustaca
Manager International Software Development

Dirk Knop
Technical Editor