Hong Kong might be a lovely place to visit in person, but computer users should think twice before stopping there online.
More than 19% of websites in Hong Kong's Internet domain, .hk, pose some kind of security threat, according to a study released Tuesday by anti-virus firm McAfee Inc.
Using its free SiteAdvisor service, which rates millions of sites green, yellow or red for safety, McAfee looked at the overall risk for Web surfing in the top-level domains assigned to countries and in such generic domains as .com, .net and .edu.
Hong Kong sites zoomed from a collective ranking of 28th most risky in a similar analysis last year to No. 1 this year out of 74 top-level domains scrutinized, based on the percentage rated yellow or red.
China came in second, with nearly 12% of sites ending in .cn judged risky for behavior ranging from barraging registered visitors with unwanted e-mail to attempting to plant keystroke-loggers that steal financial information. A year ago, China was 12th.
McAfee said the most logical explanation was not that Hong Kong had suddenly become more crooked. Instead, the Santa Clara, Calif.-based company pointed to changes in the rules for registering domain names for individual sites.
Bonnie Chun, an official with the registrar for .hk, was quoted in the report acknowledging that her office had made a number of changes that were popular with so-called phishers, who send e-mail purporting to be from banks or other services in hopes that recipients disclose passwords and personal information.
Among the new features were the ability to register multiple sites at once and the ability to fill out multiple sections of the electronic forms simultaneously. Chun said the situation began improving after regulations were tightened last summer.
In China, the big allure may be price. Domain names can be had for as little as 15 cents at wholesale, the report said.
The next-most-dangerous country domains were the Philippines' .ph, Romania's .ro and Russia's .ru. Finland's .fi was the safest, followed by Japan's .jp and Norway's .no.
The overall proportion of risky sites worldwide remained the same as last year, at 4.1%. And the worst of the worst -- sites that use security holes in Web browsers and the like to push through spyware and other malicious programs -- still constituted less than one-tenth of 1% of the sites tested.
Among the generic top-level domains, .info was the riskiest and .gov the safest, McAfee found.