Russia and Romania are the country domains most likely to host ‘drive-by’ web exploits, according to a new map compiled by McAfee using its SiteAdvisor toolbar.

McAfee SiteAdvisor, a free-of-charge plug-in for Internet Explorer and Firefox, rates sites on several criteria, including dangerous downloads, spam tendencies and hosted exploits. It then posts green, yellow and red icons on search results obtained from Google, Yahoo or MSN.

McAfee applied the results of its site scanning to come up with the Flash-based map, which will be updated monthly.

"When it comes to safety, it turns out that the Web is no different than the physical world. There are safe neighbourhoods and safe Web domains, and then there are places no one should ever visit," said Mark Maxwell, a McAfee senior product manager, in a statement.

Of the major top-level country domains, 5.6 percent of the sites in Romania (.ro) and 4.5 percent of those for Russia (.ru) were among the riskiest, said McAfee. The two nations also placed second and third, respectively, in the percentage of their country domains that host malicious code.

The world's riskiest country domain was .tk, for Tokelau, a three-atoll group of islands in the South Pacific formerly known as the Union Islands. More than 10 percent of the .tk domains are pegged as dangerous, and it leads all others in the percentage of sites that harbour exploits.

Of all the generic domains - .biz, .com, .edu, .gov, .net, .org and .info - the last is easily the riskiest to visit, said McAfee. Approximately 7.5 percent of .info sites are rated as dangerous. In comparison, .com comes in at 5.5 percent and .net at 4.4 percent. The .edu and .gov domains are the safest, with 0.3 percent and 0 percent, respectively, of sites seen as risky.

Low- or no-cost domain registration and minimal domain oversight appear to drive at least some of the higher levels of risk found at some top-level domains, said McAfee. One reason that the .biz domain may be preferred by spammers, the security vendor said, is that those domains are available immediately; most others impose a 24-hour waiting period. According to the SiteAdvisor data, 13.2 percent of .biz domains will send large numbers of unsolicited e-mails to users who register at its sites.

The five safest country domains to visit are Finland (0.10 percent), Ireland (0.11 percent), Norway (0.16 percent), Iceland (0.19 percent) and Sweden (0.21 percent).

The .us domain is ranked 20th overall, with a risky-site percentage of 2.1 percent. The U.S.'s country domain, however, is used much less in the U.S. than the riskier, generic .com domain.

Because of its popularity, the .com domain accounts for an overwhelming majority of all click-on sites marked with red or yellow icons by SiteAdvisor. Last month, 86.6 percent of all risky clicks were to .com sites.