[funsec] [mwp] Ummmm, did they actually look at any of those .info sites?

Nick FitzGerald nick at virus-l.demon.co.uk
Fri May 15 20:58:06 CDT 2009 

Rob Slade wrote:

> A global provider of Internet infrastructure services, announced on May 13 that a 
> new Global Phishing Survey reveals that the .INFO domain is the generic top-level 
> Internet domain (gTLD) safest from phishing attacks. The results of the Survey 
> show that, during the second half of 2008, .INFO had the lowest phishing rates 
> and the lowest average attack duration among the gTLDs measured. .INFO´s 
> phishing durations were half the world average.  
> 
> http://www.afilias.com/news/2009/05/13/new-report-shows-info-domain-safest-
> phishing-attacks 

The point is that the APWG survey of phishing site URLs reported to 
APWG clearly shows that within that the data, among the gTLDs, .info  
has a phishing site rate, measured in phishing domains per 10,000 
domains within that gTLD, of about half the rate of the average across 
all surveyed gTLDs.  

That data also shows that .info domains used for phishing are, on 
average, taken down more quickly than phishing domains in (most?) other 
gTLDs.  

Whether that quite equates to .info being the gTLD "safest from 
phishing attacks" is another question.  I think that that is a 
meaningless claim.  It _may_ be that the bad guys avoid .info domains 
because they have a reputation for fast takedown, or it may be that the 
bad guys avoid .info for other reasons (difficulty of automating 
registrations, or that they don't activate a new domain until some 
waiting time after putting a CC charge through, or???) or it may be 
that APWG's reporting feeds are far from representative and great scads 
of persistent phishing badness that hangs out in .info is going 
unreported (unlikely, I think, but...).

> (OK, I didn't do a survey, and I am probably even working from old impressions.  
> But it seems to me I saw an awful lot of dangerous stuff on .info sites, in 
> comparison to actual legit material ...)

The APWG stats being referred to here take gTLD size into account and 
are reported as a rate.  There was no attempt though to measure the 
"significance" or brand awareness" or such of the domains hosted in the 
gTLDs, so it may be that for you, or the even the world at large, the 
baseline significance of .info domains is very low, with you 
"naturally" visiting .info domains at such a low level that any .info 
domains popping up catches your attention.



Regards,

Nick FitzGerald

More information about the funsec mailing list