The worst offenders are an odd mix of Slavic countries and South Pacific islands. Russia, the country where malware authors offer service contracts, was far and away the worst of the larger nations, followed by Romania. But also problematic were tiny island nations like Tokelau and Samoa.
The worst offender was a place you've probably never heard of: Sao Tome. SiteAdvisor found that 18.5 percent of all .st domains had some kind of exploit. Among the cleanest nations were Iceland, Finland, Norway and Ireland. Other notables included Australia, Singapore and Canada.
So, do the Vikings know something the Slavs and Polynesians don't, or is it all a grand conspiracy. Neither, said Mark Maxwell, senior product manager at McAfee. Rather, it has to do with how hard it is to register a domain.
"There is a direct correlation between the risk of the TLD and the hoops or barriers through which an individual has to go through to register a domain," he told internetnews.com.
For example, In addition to paying for the domain name, Australia requires verification to the government side that the entity is registering the site for legitimate business and operates within the nation's borders. Canada and Finland have similar rules for registering domains as well, he said.
With Tokelau, you can get a .tk domain for free and set it up that day. The tiny island has a population of 1,200, and is not a very wealthy one at that. Maxwell thinks the island nation tried to get in the domain sales business and is being used.
"It's my guess that this is naiveté on the part of Tokelua, not malicious intent. That being said, they are ultimately responsible for whom they are awarding their TLDs to and managing that," he said.