Architelos published a report on misuse of gTLDs in 2014. The report is based on the information of Architelos NameSentry system, that continuously monitors domain space to detect malicious usage of domains in all domain zones.
The report is particularly interesting because it summarizes the statistics of the first year of existence of new generic top-level domains. As might be expected, cyber criminals didn’t overlook them. The first case of spam spread was detected in new gTLDs in February, 2014. The first phishing domain in the new domain zones was discovered in May, the first domain that was involved in the spread of malicious software was detected in September. At the moment, about a half of all active domains registered some abuse, in 99% of the cases its spam distribution. It is noteworthy that the growth of malicious activity in the new domain zones grew slowly during the first half of 2014. At that time the share of the new domain zones where this activity was detected was about 20-25% of their total number. However, it was followed by a sharp jump: 1163 cases of spam distribution was registered in July, in August the number quadrupled to 4179.
Nevertheless, cyber criminals still prefer the «old» domains. To compare malicious activity in the domain zones of different sizes Architelos uses Namespace Quality Index (NQI), that determines the number of cases of such activity per million registered domain names. In 2014 around 11951 abuses per million domain names were detected in «old» domain zones .COM, .NET, .ORG, etc (without ccTLDs). Thus, NQI was about 1,2%. In relation to gTLDs, only approximately 12 thousand abusive domains per 3.7 million names were listed. It is 3241 cases per million names and a 0,3% NQI rating.
