Here is a typical scenario. You hear about a ree fle-sharing program that willallow you to download copyrighted music or ree or a fle that contains cheatcodes or your avourite game. You search or the fle, select a website thatoers it, and begin downloading. What is the chance that the site you selectwill host some orm omalware?

I the fle comes rom a site that ends in .KR(South Korea)—the chance that the site is riskyis 2.8%. I you choose a site that ends in .RO(Romania)—the chance is 21.0%, an increase o748.0%. One out o fve Romanian-registeredwebsites with downloadable fles contains someorm o potentially unwanted sotware.Why is that? When scammers andhackersconsiderwhere to register their malicious websites, theytake into account a variety o actors.

•

Lowestprice

— All things being equal, scammerspreer registrars with inexpensive registrations,volume discounts, and generous reund policies.

•

Lackofregulation

— All things being equal,scammers preer registrars with “no questionsasked” registration. The less inormation ascammer needs to provide, the better. Similarly,scammers preer registrars who act slowly, i atall, when notifed o malicious domains.

•

Easeofregistration

— All things being equal,scammers preer registrars that allow them toregister in bulk. This is especially true o phishersand spammers who need large volumes o sitesto oset the high rate o takedowns by top-leveldomain (TLD) managers.

1,400,0001,600,0001,200,0001,000,000800,000600,000400,000200,0000