New top-level domains pose huge online security risk

The existence of a number of new top-level domain (TLD) names has left users susceptible to a number of new online security threats.

A report by security firm Blue Coat Systems has revealed that many of the newly created TLDs are proving fruitful for online attackers.

Read more: Malware using fake signatures on the rise

The Internet Corporation for Assigned Names and Numbers (ICANN) has auctioned more than 600 new top-level domains since 2013 for a total sum of approximately $60 million. However, security researchers believe that the lack of regulation surrounding these new domains has led to a greater number of online risks.

"Ideally, TLDs would all be run by security-conscious operators who diligently review new domain name applications, and reject those that don't meet a stringent set of criteria,” the report explains. “The reality for many of these new neighbourhoods is that this is not happening.”

Many of the websites hosted by the new TLDs are short-lived affairs, some of them live for less than 24 hours, but they can still have a negative effect on unsuspecting victims. Often they are used to distribute spam, collect personal information or distribute unwanted software such as adware. Others are used to improve the position of similar “junk sites” within Google’s search rankings.

The Blue Coat report describes one such video scam where users are tricked into believing they are visiting YouTube.

"This increasingly common scam leads visitors to a 'teaser page', usually designed to make them believe they are visiting YouTube, when in reality they are on a fake site that has no legitimate tie to YouTube,” the researchers explain. "The non-working video includes fake comments immediately below it from someone wanting to know how to get the video to play, and someone else explaining that you have to 'share' or 'like' the video first, or take an online survey.”

Read more: Malicious ads target Match.com

Although there is currently no way of completely avoiding malicious or misleading websites, organisations and individuals can block entire TLDs in order to give themselves some level of protection.