Alarm bells are ringing in the cybersecurity community following Google’s introduction of .zip and .mov top-level domains.
In a move that has caught the cybersecurity community’s attention, on May 3, 2023, Google added .zip and .mov to its growing list of top-level domains (TLDs), a development that has left many experts concerned. Because these TLDs coincide with two commonly shared file extensions, they present a new potential avenue for cybercriminals to deploy phishing attacks and malware, as detailed by Lawrence Abrams in a report for BleepingComputer published yesterday.
The concern lies in the overlap between these TLDs and the extensions for compressed files (.zip) and video files (.mov). Internet users, accustomed to seeing these extensions in the context of files, might erroneously perceive a URL ending in .zip or .mov as a benign file link. This confusion could lead to an increase in successful phishing attempts or malware downloads.
The threat isn’t purely theoretical. Silent Push Labs, a cyber intelligence firm, has already reported encountering a phishing page on a .zip domain aimed at stealing Microsoft Account credentials. Other security researchers have begun exploring what these new TLDs make possible, demonstrating how convincing phishing links can be built from Unicode look-alike characters and URL delimiters such as the `@` that separates user information from the host, so that what looks like a familiar download path actually sends the browser to an attacker-controlled .zip host.
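As an added example (not code from the article or from the researchers it cites), the following Python uses only the standard library to show why such links are deceptive and how a mail gateway or link scanner could flag them. The sample URL and the domain names in it are constructed for illustration. It parses a URL the way RFC 3986 does: everything before `@` in the authority is user information, not the host, and a non-ASCII slash look-alike (U+2215) does not terminate the authority the way an ASCII `/` would, so the real host is whatever follows the `@`.

```python
from urllib.parse import urlsplit

# TLDs that collide with common file extensions (the subject of the article).
RISKY_TLDS = {"zip", "mov"}

# Characters that render like "/" but are not a URL path delimiter.
# (U+2215 DIVISION SLASH, U+2044 FRACTION SLASH, U+FF0F FULLWIDTH SOLIDUS)
SLASH_LOOKALIKES = {"\u2215", "\u2044", "\uff0f"}


def analyze_url(url: str) -> dict:
    """Return the real host a browser would connect to, plus a list of
    findings explaining why the link may be deceptive."""
    findings = []
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        # urlsplit rejects authorities whose characters NFKC-normalize into
        # delimiters such as "/" or "@" (e.g. fullwidth solidus).
        return {"host": "", "tld": "", "findings": [f"rejected by parser: {exc}"]}

    host = parts.hostname or ""
    tld = host.rsplit(".", 1)[-1].lower() if "." in host else ""

    # Anything before "@" in the authority is userinfo; browsers discard it
    # and connect to the part after it. Attackers use this to put a trusted
    # looking string in front of the real host.
    if parts.username is not None:
        findings.append(
            f"userinfo before '@': visible prefix {parts.username!r} is not the host"
        )

    if tld in RISKY_TLDS:
        findings.append(f"host {host!r} ends in .{tld}, which is also a file extension")

    # Unicode slash look-alikes in the authority make userinfo read like a path.
    if any(ch in parts.netloc for ch in SLASH_LOOKALIKES):
        findings.append("non-ASCII slash look-alike in the authority component")
    elif not parts.netloc.isascii():
        findings.append("non-ASCII characters in the authority component")

    return {"host": host, "tld": tld, "findings": findings}


if __name__ == "__main__":
    # Constructed sample: looks like a download path on example.com, but the
    # "/" characters are U+2215 and the real host is report.zip.
    deceptive = "https://example.com\u2215downloads\u2215@report.zip"
    benign = "https://example.com/downloads/report.zip"
    for u in (deceptive, benign):
        result = analyze_url(u)
        print(u)
        print("  real host:", result["host"] or "(none)")
        for f in result["findings"]:
            print("  -", f)
```

Run stand-alone, the deceptive sample resolves to host `report.zip` with three findings, while the benign URL resolves to `example.com` with none, even though its path also ends in `.zip`. A scanner would treat the combination of userinfo, a slash look-alike and a .zip or .mov host as a strong phishing signal rather than blocking every URL that merely mentions those extensions.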
However, the perceived risks associated with the .zip and .mov TLDs aren’t universally accepted. Some within the developer, security research, and IT administration communities view the fears as overstated. They argue that these TLDs, rather than presenting a significant risk, might actually provide an opportunity for novel naming conventions and creative strategies in the digital space.
Google, the driving force behind these TLDs, has responded to the concerns by assuring users that it is cognizant of the potential issues. Google told BleepingComputer, “The risk of confusion between domain names and file names is not a new one… Applications have mitigations for this… and these mitigations will hold true for TLDs such as .zip.” Google went on to assert that the Google Registry has mechanisms in place to suspend or remove malicious domains across all TLDs, including .zip, and that it would continue to monitor these domains to protect users from emerging threats.
Despite the assurances from Google, the ultimate responsibility for online safety rests with individual users. They are advised to remain vigilant when navigating the internet, especially when encountering unfamiliar links. Internet users should refrain from clicking on links from untrusted sources and should exercise caution when dealing with .zip or .mov links, investigating their origins before proceeding.
Additionally, it’s crucial to stay informed about the evolving landscape of internet security. Cybercriminals are always seeking new ways to exploit vulnerabilities, and introducing these TLDs represents just one more potential risk area. By staying informed and exercising caution, users can mitigate the impact of these new TLDs and continue to navigate the internet safely.