According to Bleeping Computer*, cybersecurity researchers and IT admins have raised concerns over Google’s new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery.
Earlier this month, Google introduced eight new top-level domains (TLDs) that could be purchased for hosting websites or email addresses. The new domains are .dad, .esq, .prof, .phd, .nexus, .foo, and the .zip and .mov TLDs. While the ZIP and MOV TLDs have been available since 2014, it wasn’t until this month that they became generally available, allowing anyone to purchase a domain, like bleepingcomputer.zip, for a website.
However, these domains could be perceived as risky because the TLDs are also file extensions commonly seen in forum posts, messages, and online discussions, and some online platforms or applications will now automatically convert such file names into URLs. Two common file types seen online are ZIP archives and MPEG 4 videos, whose file names end in .zip (ZIP archive) or .mov (video file).
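The check below is an added example, not code from Bleeping Computer or ESET: a small filter a mail or chat gateway could run to flag both explicit links hosted under .zip/.mov and bare file names that an auto-linker might turn into such links. The names `classify`, `host_of` and `RISKY_TLDS` and the sample messages are constructed for illustration; bleepingcomputer.zip is the example domain mentioned above.

```python
import re
from urllib.parse import urlsplit

# The two file-extension TLDs discussed above.
RISKY_TLDS = {"zip", "mov"}

# Explicit links, and bare tokens such as "backup.zip" that an auto-linker
# may turn into a clickable address.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
BARE_RE = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9-]+\.)+(?:zip|mov))(?!\.?[\w-])", re.IGNORECASE)


def host_of(url):
    """Hostname of a URL, lower-cased; empty string if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def classify(text):
    """Return (kind, matched_text, hostname) for every .zip/.mov reference.

    kind "url":  an explicit link whose *host* sits under a risky TLD.
    kind "bare": a filename-looking token that a linkifier could resolve
                 as a domain. A link such as https://example.com/a.zip is
                 not reported: its .zip is in the path, not the host.
    """
    findings = []
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;:!?)")
        host = host_of(url)
        if host.rsplit(".", 1)[-1] in RISKY_TLDS:
            findings.append(("url", url, host))
    # Blank out explicit links so their paths are not re-read as bare tokens.
    masked = URL_RE.sub(lambda m: " " * len(m.group(0)), text)
    for m in BARE_RE.finditer(masked):
        findings.append(("bare", m.group(1), m.group(1).lower()))
    return findings


if __name__ == "__main__":
    # Constructed sample messages.
    for msg in ("Please unzip backup.zip and watch demo.mov.",
                "Sign in at https://bleepingcomputer.zip/ today",
                "Archive: https://example.com/files/backup.zip"):
        print(msg, "->", classify(msg))
```

A gateway would typically render "bare" hits as plain text rather than links and route "url" hits to the same review queue as other newly registered domains.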
Commentary by Jake Moore, Global Security Advisor at ESET:
“New and often strange-looking website domains can make it even more difficult for users to spot scams. Websites can be spoofed very easily and with more domains available, it makes it simpler for cybercriminals to purchase similar-looking web addresses to legitimate sites as well as make a file appear like a website. Typically, threat actors emulate Microsoft with phishing attacks targeting 365 account users, so it is vital that employees are more vigilant now to look out for URLs ending in .zip, which may seem genuine.
“.zip and .mov domains will ultimately make it more difficult to differentiate between a genuine article and a scam, putting more pressure on individuals to carry out their due diligence. People are highly likely to mistakenly visit a scam website or download malicious software in the thought that it is a safe URL with these new options, but it acts as a reminder that people need to continue being more cautious and even suspicious of sites and files they come across.”
*ESET does not bear any responsibility for the accuracy of this information.