This week EPIC monitors for our iGuard system analyzed the last 10,000 malware we discovered looking for trends in which top level domains are producing the most malware links. Although .coms and .nets continue to account for over half of the malware domains found, the list of nations where these sites originate is also interesting. Topping our list, .co or Columbian websites had the most hits at almost 5.1%. This was followed by .US (4.4%), UK (4.3%), .RU (4.3%), and .CN (1.5%). Interestingly, a second level domain made a strong appearance in our data. Sites containing [.myfw.us] had a larger proportion of the .US hits.
What this data tell us is that malware sites continue to use .com and .net as primary sources. Just because a site looks familiar (i.e., .com or .net) doesn’t mean that it’s safe.