
Want a new Google zip domain? It could be a serious security risk



Source: Techradar.pro IT Insights For Business

Quote

Google rolls out some new domains, but security experts aren't convinced

Google recently unveiled eight new top-level domains (TLDs) designed to inspire fathers (.dad), graduates (.prof, .phd, and .esq), and tech enthusiasts (.foo, .zip, .mov, and .nexus), but at least two of those present a significant cybersecurity risk, experts have warned.

 

The TLDs in question - .zip and .mov - share their name with common file formats (ZIP archives and video files) that exist outside of the Internet’s four walls, which many cybersecurity experts are calling out for being misleading.

 

While other similarly vulnerable TLDs have been rolled out in the past, such as .docs, the introduction of two more increases the chances of a scam or phishing attack, giving threat actors more routes.

 

.zip and .mov TLD risk

A legitimate website with any TLD, including ‘dangerous’ examples like .zip, could include a help section describing the process required to open a zipped file, for example. Should that file be named - in our case, example.zip - a user’s browser may then automatically add a hyperlink because it knows that .zip is a legitimate TLD, even though in our case the page refers to a local file and not a website.

While the file itself is safe, a threat actor could have already registered a website under that domain in the hope that unsuspecting users click on hyperlinks that lead them to a malicious page that could be the host to malware, phishing attacks, or other scams.

 

Already, a series of concerning domains have been registered under the new and risky TLDs in the hope that someone, somewhere, has referred to the file name on a web page, which will then be converted to a hyperlink to their malicious site.

While there are some steps that a user can take to be more savvy when it comes to following potentially risky links, some of the responsibility must ultimately fall with Google. The company did not immediately respond to TechRadar Pro’s request for comment.

And with that in mind, take a look at the bad actors already using these domains as a phishing site here at VirusTotal as well as on ghacks

Edited by Firefox

"The top level domain was approved in 2014 but it took Google until May 2023 to unlock it for public registration alongside seven other domain extensions." One could only guess at the reasons, beside price.

"For now, there is little reason to access .zip domains; this may change if legitimate companies and software developers announce that their products are now also available on a specific .zip domain." I hope the legitimate companies and software developers use common sense.


From Reddit:

Quote

A significant amount of software automatically converts parts of text that appear to be URLs (even without an explicit protocol) into clickable links. These include mail clients, messengers, internet forums, social media sites, CMS systems, text editors, etc.

In my opinion, that's a problem with the software, not the domain.

Edited by sp123
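The auto-linking behaviour described in the article and in the Reddit quote above can be handled on the software side. The following is an added example (not from the article, any poster, or any product's actual code) of a linkifier that leaves bare names ending in .zip or .mov as plain text unless the author wrote an explicit scheme. The names `linkify`, `KNOWN_TLDS`, `AMBIGUOUS_TLDS` and the sample text are assumptions made for illustration.

```javascript
// Added example: a linkifier that does not turn bare file names into links.
// All names and the sample text are constructed for illustration.
const KNOWN_TLDS = new Set(["com", "org", "net", "zip", "mov"]); // small subset
const AMBIGUOUS_TLDS = new Set(["zip", "mov"]); // TLDs that are also file extensions

const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Explicit http(s) URL (no trailing punctuation), or a bare dotted name.
const CANDIDATE =
  /\bhttps?:\/\/[^\s<>"']*[^\s<>"'.,;:!?)]|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b/gi;

const anchor = (href, label) =>
  `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(label)}</a>`;

function linkify(text) {
  const skipped = []; // bare names left as text because they look like files
  let html = "";
  let last = 0;
  for (const m of text.matchAll(CANDIDATE)) {
    const token = m[0];
    const tld = token.split(".").pop().toLowerCase();
    html += escapeHtml(text.slice(last, m.index));
    if (/^https?:\/\//i.test(token)) {
      html += anchor(token, token); // the author wrote a URL on purpose
    } else if (AMBIGUOUS_TLDS.has(tld)) {
      skipped.push(token);
      html += escapeHtml(token); // "example.zip" stays plain text
    } else if (KNOWN_TLDS.has(tld)) {
      html += anchor(`https://${token}`, token);
    } else {
      html += escapeHtml(token); // unknown suffix, e.g. "notes.txt"
    }
    last = m.index + token.length;
  }
  return { html: html + escapeHtml(text.slice(last)), skipped };
}

const SAMPLE =
  "Unpack example.zip, then play intro.mov. Docs: example.com and https://docs.example.zip/help";
console.log(linkify(SAMPLE));
```

The `skipped` list can be logged or surfaced to moderators to see how often file names in posts would otherwise have become links to .zip or .mov domains.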
