Hong Kong and China are the "most dangerous" places to surf the Web based on country domain, according to McAfee's annual assessment of the riskiest and safest places in cyberspace.

"We looked at the major categories, including exploits by drive-by downloads, spam, and downloads that come with malware such as viruses," says McAfee analyst Shane Keats about the security company's new report, titled "Mapping the Mal Web Revisited." He describes the report as a bit like a "Lonely Planet" travel guide for the Web, adding, "Danger on the Web is very fluid."

The report, based on the Web-crawling and analysis technologies that power McAfee's SiteAdvisor tool for safe Web surfing, looked at 9.9 million heavily trafficked Web sites in 265 countries ending in country domain codes, such as .br for Brazil.

McAfee also analyzed the malware consequences of visiting the more generic top-level domains, such as .com and .org. While McAfee doesn't claim to have crawled over the entire Web, it believes it viewed 95 percent of Web traffic in the top 74 countries where the Web is used the most.

While the "Information" (.info) domain name is judged by McAfee to be the most dangerous among the generic ones with 11.7 percent risky sites, it's Hong Kong and China that stand out in this year's study as dangerous on the country level.

Hong Kong (with its .hk domain) had ranked 28th in last year's study but jumped to No. 1 to gain the "most dangerous" title. China, which had ranked #11 in last year's report, jumped to the #2 spot for riskiest this year. The McAfee report says 19.2 percent of all sites tested associated with .hk were dangerous and 11.2 percent associated with .cn were.

As to why the situation in Hong Kong worsened over the past year, McAfee pointed to statements provided by Bonnie Chun, an official with the Hong Kong Domain Name Registration Company, about decisions that might have inadvertently encouraged scammers.

Among the statements attributed to Chun were making the Hong Kong online registration process "more user-friendly" by allowing registration of several domains at one time as well as "buy-one, get-two domains." As a consequence, "phishers usually registered eight or more domains at one time." Hong Kong last year began to tighten policies to rectify the situation.

China may have soared to the top spot because the country is among the most inexpensive places to register, with the wholesale price for .cn "now being about 15 cents," according to the McAfee report.

Keats adds that China may have "poor controls" on domain registration as well. Registering an e-mail address at a Chinese (.cn) Web site is "dramatically more risky than it was last year," the McAfee report states. "Test registrations receiving high-volume, spammy e-mail more than doubled, from 17.2 to 39.7 percent"

Last year's No. 1 riskiest domain was associated with the tiny island nation of Tokelau (.tk) which had made Web registration there free. But the nation now no longer offers free anonymous registration -- bringing an improvement of 85.8 percent under the McAfee rating system.

McAfee also ranked what it considers the top five "least-risky" top-level domains as Slovenia (.sl), Norway (.no), Japan (.jp), Governmental (.gov) and Finland (.fl). Each of these were said to have 0.2 percent or fewer domains rated as risky.