[funsec] [mwp] Ummmm, did they actually look at any of those .info sites?
nick at virus-l.demon.co.uk
Fri May 15 20:58:06 CDT 2009
Rob Slade wrote:
> A global provider of Internet infrastructure services, announced on May 13 that a
> new Global Phishing Survey reveals that the .INFO domain is the generic top-level
> Internet domain (gTLD) safest from phishing attacks. The results of the Survey
> show that, during the second half of 2008, .INFO had the lowest phishing rates
> and the lowest average attack duration among the gTLDs measured. .INFO's
> phishing durations were half the world average.
The point is that the APWG survey of phishing site URLs reported to
APWG clearly shows that within that data, among the gTLDs, .info
has a phishing site rate, measured in phishing domains per 10,000
domains within that gTLD, of about half the rate of the average across
all surveyed gTLDs.
That data also shows that .info domains used for phishing are, on
average, taken down more quickly than phishing domains in (most?) other
Whether that quite equates to .info being the gTLD "safest from
phishing attacks" is another question. I think that that is a
meaningless claim. It _may_ be that the bad guys avoid .info domains
because they have a reputation for fast takedown, or it may be that the
bad guys avoid .info for other reasons (difficulty of automating
registrations, or that they don't activate a new domain until some
waiting time after putting a CC charge through, or???) or it may be
that APWG's reporting feeds are far from representative and great scads
of persistent phishing badness that hangs out in .info is going
unreported (unlikely, I think, but...).
> (OK, I didn't do a survey, and I am probably even working from old impressions.
> But it seems to me I saw an awful lot of dangerous stuff on .info sites, in
> comparison to actual legit material ...)
The APWG stats being referred to here take gTLD size into account and
are reported as a rate. There was no attempt though to measure the
"significance" or "brand awareness" or such of the domains hosted in the
gTLDs, so it may be that for you, or even the world at large, the
baseline significance of .info domains is very low, with you
"naturally" visiting .info domains at such a low level that any .info
domains popping up catch your attention.