funsec mailing list archives
Re: [mwp] Ummmm, did they actually look at any of those .info sites?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 16 May 2009 13:58:06 +1200
Rob Slade wrote:
A global provider of Internet infrastructure services, announced on May 13 that a new Global Phishing Survey reveals that the .INFO domain is the generic top-level Internet domain (gTLD) safest from phishing attacks. The results of the Survey show that, during the second half of 2008, .INFO had the lowest phishing rates and the lowest average attack duration among the gTLDs measured. .INFO´s phishing durations were half the world average. http://www.afilias.com/news/2009/05/13/new-report-shows-info-domain-safest- phishing-attacks
The point is that the APWG survey of phishing site URLs reported to APWG clearly shows that within that the data, among the gTLDs, .info has a phishing site rate, measured in phishing domains per 10,000 domains within that gTLD, of about half the rate of the average across all surveyed gTLDs. That data also shows that .info domains used for phishing are, on average, taken down more quickly than phishing domains in (most?) other gTLDs. Whether that quite equates to .info being the gTLD "safest from phishing attacks" is another question. I think that that is a meaningless claim. It _may_ be that the bad guys avoid .info domains because they have a reputation for fast takedown, or it may be that the bad guys avoid .info for other reasons (difficulty of automating registrations, or that they don't activate a new domain until some waiting time after putting a CC charge through, or???) or it may be that APWG's reporting feeds are far from representative and great scads of persistent phishing badness that hangs out in .info is going unreported (unlikely, I think, but...).
(OK, I didn't do a survey, and I am probably even working from old impressions. But it seems to me I saw an awful lot of dangerous stuff on .info sites, in comparison to actual legit material ...)
The APWG stats being referred to here take gTLD size into account and are reported as a rate. There was no attempt though to measure the "significance" or brand awareness" or such of the domains hosted in the gTLDs, so it may be that for you, or the even the world at large, the baseline significance of .info domains is very low, with you "naturally" visiting .info domains at such a low level that any .info domains popping up catches your attention. Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: [mwp] Ummmm, did they actually look at any of those .info sites? Alex Eckelberry (May 14)
- Re: [mwp] Ummmm, did they actually look at any of those .info sites? Dan Kaminsky (May 14)
- Re: [mwp] Ummmm, did they actually look at any of those .info sites? Nick FitzGerald (May 15)
- <Possible follow-ups>
- Re: [mwp] Ummmm, did they actually look at any of those .info sites? Nick FitzGerald (May 15)