The real risks in Google’s new .Zip and .Mov domains

In May, Google launched eight new top-level domains (TLDs): the suffixes at the end of URLs, such as “.com” or “.uk.” These suffixes were developed decades ago to expand and organize URLs, and over the years the nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) has loosened restrictions on TLDs so organizations like Google can bid to sell access to more of them. But even though Google’s announcement included playful offerings like “.dad” and “.nexus”, it also introduced a couple of TLDs that are especially primed to invite phishing and other types of online scams: “.zip” and “.mov”.

The two stand out because they are also common file extension names. The first, .zip, is ubiquitous for data compression, while .mov is a video format developed by Apple. The concern, which is already starting to surface, is that URLs that look like filenames will open up even more possibilities for digital scams like phishing that trick web users into clicking on malicious links that are pretending to be something legitimate. The two domains could also amplify the problem of programs mistakenly recognizing file names as URLs and automatically adding links to them. With this in mind, scammers could strategically buy .zip and .mov URLs that are also common file names, for example springbreak23.mov, so that online references to a file with that name automatically link to a malicious website.
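The filename/URL overlap described above can be checked for in message text before it reaches an autolinker. The following is an added example, not code from the article or from any Google tool; the names `audit` and `SAMPLE` are hypothetical, the sample messages are constructed, and the assumption is an autolinker that links any bare token that is a syntactically valid hostname.

```python
import re
from urllib.parse import urlsplit

FILE_TLDS = {"zip", "mov"}  # the two TLDs the article singles out

# Explicit http(s) links.
URL_RE = re.compile(r"https?://[^\s<>\"'\[\]]+", re.I)
# Bare token that reads as a filename but is also a valid hostname under
# .zip/.mov. Tokens inside paths, e-mail addresses or longer names are skipped
# (assumption: the autolinker only links stand-alone hostnames).
BARE_RE = re.compile(
    r"(?<![\w@/\\.-])"
    r"((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+(?:zip|mov))"
    r"(?![\w-]|\.[a-z0-9])",
    re.I,
)

def audit(text):
    """Return (kind, hostname) findings for one message body."""
    findings, url_spans = [], []
    for m in URL_RE.finditer(text):
        url_spans.append(m.span())
        try:
            host = urlsplit(m.group().rstrip(".,;:!?)")).hostname or ""
        except ValueError:
            continue  # unparseable link: nothing to classify
        # Flag links whose host (not path) sits under a file-extension TLD.
        if host.rstrip(".").rsplit(".", 1)[-1] in FILE_TLDS:
            findings.append(("url", host))
    for m in BARE_RE.finditer(text):
        # A filename mentioned in plain text that an autolinker could link.
        if not any(s <= m.start() < e for s, e in url_spans):
            findings.append(("bare", m.group(1).lower()))
    return findings

# Constructed sample messages, not real traffic.
SAMPLE = [
    "Trip video is attached as springbreak23.mov, enjoy!",
    "Download https://springbreak23.mov/watch now.",
    "Logs are in /var/tmp/backup.zip and spring_break.zip",
    "Docs at https://example.com/files/report.zip",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit(line), "<-", line)
```

A filename such as spring_break.zip is not flagged because an underscore cannot appear in a registrable hostname, and a .zip file served from an ordinary domain is not flagged because only the host part is compared against the TLD list.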

“Attackers will use anything they can to get into an organization,” says Ronnie Tokazowski, a longtime phishing researcher and senior threat advisor at cybersecurity firm Cofense. “Man, this all goes back a long time. Nothing has changed.”

Researchers have already started to see malicious actors buy strategic .zip URLs and start testing them in phishing campaigns. But reactions are mixed about how much negative impact .zip and .mov domains will have when scams that take advantage of URL confusion are already an entrenched threat. Additionally, proxies and other traffic management tools already implement phishing protections to reduce the risk when users click on the wrong link, and .zip and .mov will simply be incorporated into those defenses.

“The risk of confusion between domain names and file names is not new. For example, 3M Command products use the domain name commando.com, which is also an important program in MS DOS and earlier versions of Windows,” Google told WIRED in a statement. “Apps have mitigations for this (like Google Safe Browsing), and these mitigations will be valid for TLDs like .zip.” The company added that Google Registry already includes mechanisms to suspend or remove malicious domains in all of the company’s top-level domains. “We will continue to monitor the use of .zip and other TLDs, and if new threats emerge, we will take appropriate measures to protect users,” the company said.

Offering more TLDs expands the number of URLs that are available to people. This means you have more options and you don’t necessarily have to pay a premium to buy the site name you want from an existing owner or a speculator who bought a bunch of historical URLs. And some in the security community feel that given the already extensive risk of phishing attacks, additions like .zip and .mov add negligible additional danger.

