An explosion in the number of new Internet addresses has created a wealth of opportunities for criminals exploiting shady domains such as .zip, .kim or .party, according to an industry study published on Tuesday.
Attackers are constantly in search of new domains for links to lead users to download malware, divulge personal data or spam their friends, and a liberalization of the Web has expanded the number of top-level domains tenfold in the past two years.
An analysis of tens of millions of websites by enterprise security company Blue Coat found the most dangerous top-level domains (TLDs) were .zip, .review and .country, while the safest new ones were .london, .tel and .church.
"Ideally, TLDs would all be run by security-conscious operators who diligently review new domain name applications, and reject those that don't meet a stringent set of criteria," Blue Coat wrote in its study.
"The reality for many of these new neighborhoods is that this is not happening."
ICANN, the body that manages Web identifiers, launched an initiative to expand the number of TLDs to promote competition and choice online. Originally, there were just six not including country codes: .com, .edu, .gov, .mil, .net and .org.
Organizations who want to sell new TLDs have had to pay a $185,000 fee to ICANN and demonstrate that they are capable of running a registry.