China Domain Name Registration Changes Could Reduce Malicious Sites, Researchers Say

When McAfee published its list of the most dangerous Web domains, China ‘s .cn domain was among the list’s familiar faces.

However, some security researchers say that may change as a side effect of China tightening its control over the Internet. Chinese authorities recently changed their domain registration process to require domain name applicants submit a formal paper-based application when making an online application to the registrar. This includes: the original application form with business seal, company business license and a photocopy of a registrant ID.

“This change will make the .cn domain very unattractive for criminals and fraudsters who are looking for domains for which they can register anonymously, preferably paying with stolen credit card information,” blogged McAfee security researcher Toralv Dirro. “This would be a great step in making the domain name space of .cn a safer place and…would in fact make China a leading example in the fight against fraudsters on the Internet.”

The new rules essentially prohibit any individual from registering a domain by limiting applicants to state-licensed businesses. The rule changes are part of a larger war Chinese officials have said they are launching against Internet porn. China’s state-run Xinhua News Agency reported today the government is tightening supervision on mobile WAP sites to curb pornography, and that nearly 3,500 suspects were detained last week in a porn crackdown.

Such efforts have stirred controversy however because they have been used in the past as a way to block political content.

Of the 27 million Websites and 104 top-level domains McAfee rated for its latest report, 5.8 percent, or more than 1.5 million, pose a security risk. In its third annual Mapping the Mal Web report (PDF), McAfee gave the .cn domain a weighted risk of 23.4 percent, meaning there is a better than one-in-five chance a .cn Web site will be malicious.

Africa’s Cameroon (.cm) domain was named the most dangerous top-level domain, and had a risk score of 36.7 percent. The safest country domain was .jp, which ranked among the top five most secure domains for the second year in a row.

Researchers over at Trend Micro researchers reacted favorably to China’s move as well, though the questioned China giving domain name applicants five days worth of leeway when it comes to receiving the paper-based application.

“Malicious URLs can infect as many users that are led to them in as little as a few minutes,” according to a post on Trend Micro’s blog. “Cybercriminals thus already benefit even if a URL is up for only a few hours. Giving the cybercriminals a total of 120 hours before a domain gets withdrawn will do very little in stopping their crimes. The new policy is indeed a good start; it is however rather unfortunate that it is not enough to stop modern threats.”