The real risks in Google’s new .Zip and .Mov domains

In May, Google launched eight new top-level domains (TLDs): the suffixes at the end of URLs, such as “.com” or “.uk.” These little annexes were developed decades ago to expand and organize URLs, and over the years the nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) has loosened restrictions on TLDs so organizations like Google can bid to sell access to more of them. But while Google’s announcement included light-hearted offers like “.dad” and “.nexus,” it also introduced a couple of TLDs that are especially primed to invite phishing and other types of online scams: “.zip” and “.mov.”

The two stand out because they are also common file extension names. The former, .zip, is ubiquitous for data compression, while .mov is a video format developed by Apple. The concern, which is already starting to surface, is that URLs that look like filenames will open up even more possibilities for digital scams like phishing, which tricks web users into clicking on malicious links that impersonate something legitimate. And the two domains could also amplify the problem of programs mistakenly recognizing file names as URLs and automatically adding links to the file names. With this in mind, scammers could strategically buy .zip and .mov URLs that are also common file names, for example, so online references to a file with that name could automatically link to a malicious website.
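The following added example (not from the article, Google, or any vendor tool) shows how a mail or chat filter could flag text that is ambiguous in the way described above, so that it is rendered as plain text or reviewed instead of being auto-linked. The function name, the sample message and every host name in it are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the article that are also common file extensions.
AMBIGUOUS_TLDS = {"zip", "mov"}

# One DNS label (letters, digits, inner hyphens); names with "_" or spaces
# cannot be hostnames, so they are never ambiguous.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_BARE_NAME = re.compile(rf"(?:{_LABEL}\.)+[a-z]{{2,24}}", re.IGNORECASE)


def find_ambiguous_names(text):
    """Return (token, kind, host) for each token whose host ends in .zip/.mov.

    kind is "bare-name" for text like report.zip that an auto-linker may turn
    into a link, and "explicit-url" for a URL whose host is under those TLDs.
    """
    findings = []
    for raw in text.split():
        token = raw.strip("()[]<>\"'.,;:!?")
        if token.lower().startswith(("http://", "https://")):
            try:
                host = urlsplit(token).hostname  # host only, not the path
            except ValueError:
                continue
            kind = "explicit-url"
        elif _BARE_NAME.fullmatch(token):
            host, kind = token.lower(), "bare-name"
        else:
            continue
        if host and host.rsplit(".", 1)[-1] in AMBIGUOUS_TLDS:
            findings.append((token, kind, host))
    return findings


# Constructed sample message; all names are made up for illustration.
SAMPLE = (
    "Please unzip Q3-report.zip and watch demo.mov, notes are in "
    "holiday_video.mov and at https://files.example/archive.zip "
    "or https://backup.zip/index.html."
)

if __name__ == "__main__":
    for token, kind, host in find_ambiguous_names(SAMPLE):
        print(f"{kind:12}  {token}  ->  host {host}")
```

A URL that merely points at a .zip file on another host is not flagged, because only the host name decides where a click goes.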

“Attackers will use anything they can to get into an organization,” says Ronnie Tokazowski, a longtime phishing researcher and senior threat advisor at cybersecurity firm Cofense. “Man, this all goes back a long time. Nothing has changed.”

Researchers have already started to see malicious actors buy strategic .zip URLs and start testing them in phishing campaigns. But reactions are mixed about the negative impact .zip and .mov domains will have when scams that take advantage of URL confusion are already an inveterate threat. Additionally, proxies and other traffic management tools already implement phishing protections to reduce risks if users click the wrong link, and .zip and .mov will simply be incorporated into those defenses.

“The risk of confusion between domain names and file names is not new. For example, 3M Command products use the domain name, which is also an important program in MS DOS and earlier versions of Windows,” Google told WIRED in a statement. “Apps have mitigations for this (like Google Safe Browsing), and these mitigations will be valid for TLDs like .zip.” The company added that Google Registry already includes mechanisms to suspend or remove malicious domains in all of the company’s top-level domains. “We will continue to monitor the use of .zip and other TLDs, and if new threats emerge, we will take appropriate measures to protect users,” the company said.

Offering more TLDs expands the number of URLs that are available to people. This means you have more options and you don’t necessarily have to pay a premium to buy the site name you want from an existing owner or a speculator who bought a bunch of historical URLs. And some in the security community feel that, given the already extensive risk of phishing attacks, additions like .zip and .mov add negligible additional danger.

