SiteAdvisor, the domain risk assessor acquired by McAfee Associates last year, has completed an extensive scan of 265 top level domains (TLDs) (define) on the Internet, ranking sites by the percentage of malicious code found in visiting the site.

The survey found that 4.1 percent of all Web sites pose some sort of risk to a visitor, whether it's viruses, adware, spyware, phishing or some other form of malware (define).

The worst offenders are an odd mix of Slavic countries and South Pacific islands. Russia, the country where malware authors offer service contracts, was far and away the worst of the larger nations, followed by Romania. But also problematic were tiny island nations like Tokelau and Samoa.


The worst offender was a place you've probably never heard of: Sao Tome. SiteAdvisor found that 18.5 percent of all .st domains had some kind of exploit. Among the cleanest nations were Iceland, Finland, Norway and Ireland. Other notables included Australia, Singapore and Canada.

There was only one spotless domain, and that was .gov. While some U.S. citizens may think their government is full of crooks but there's no rootkits, key loggers or spyware to be found on a government Web site.

So, do the Vikings know something the Slavs and Polynesians don't, or is it all a grand conspiracy. Neither, said Mark Maxwell, senior product manager at McAfee. Rather, it has to do with how hard it is to register a domain.

"There is a direct correlation between the risk of the TLD and the hoops or barriers through which an individual has to go through to register a domain," he told internetnews.com.

For example, In addition to paying for the domain name, Australia requires verification to the government side that the entity is registering the site for legitimate business and operates within the nation's borders. Canada and Finland have similar rules for registering domains as well, he said.

With Tokelau, you can get a .tk domain for free and set it up that day. The tiny island has a population of 1,200, and is not a very wealthy one at that. Maxwell thinks the island nation tried to get in the domain sales business and is being used.

"It's my guess that this is naiveté on the part of Tokelua, not malicious intent. That being said, they are ultimately responsible for whom they are awarding their TLDs to and managing that," he said.

This article was first published on InternetNews.com. To read the full article, click here.