Beware the .zip and .mov domains!

rayminator

Website names in the ZIP and MOV domains are indistinguishable from file names. How will this affect IT systems, and what will threat actors do?


We’re used to website names ending in .com, .org, .net, and so on. Recent years have seen new domain extensions appear, such as .aero, .club, and others. These are known as top-level domains (TLDs), and the list, already long, gets new additions every now and then. Google announced in May that eight more domains were available, two of these indistinguishable from popular file extensions: .zip and .mov. The move has been met with criticism from IT and infosec experts, as it pretty much guarantees confusion, a link handling mess, and new phishing patterns.

How to confuse .zip and .zip

ZIP and MOV files have been around for decades: .zip is the de facto archiving standard, and .mov is one of the most popular video containers. Google is aiming these new MOV and ZIP domains at techies, but in fact both are available to anyone and for any purpose.


Now, only context can help you figure out if a ZIP or MOV is a website or a file when you come across, say, update.zip. However, context is something humans can grasp, but not computers, so a reference like that could cause issues in all kinds of apps, such as Twitter.

more info here

Just want to post this so other members are aware of this so they can be careful.
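The article excerpt above says the trouble is that software, not people, has to decide whether "update.zip" is a file name or a host name. As an added illustration (example code, not from the original post or the Kaspersky article), the block below models how a naive auto-linker in a chat or social app would turn any "word.zip" token into a clickable link, and contrasts it with a cautious policy that only links file-like TLDs when an explicit scheme is present. The regex, the TLD list and the sample sentence are constructed for this example.

```python
import re

# TLDs that collide with common file extensions. The article names .zip and .mov;
# the set itself is an assumption for this example and can be extended.
FILE_LIKE_TLDS = {"zip", "mov"}

# Constructed approximation of a typical auto-linker: optional scheme, a dotted
# host, optional path. No scheme is required, which is exactly what makes a bare
# "update.zip" linkable.
_CANDIDATE = re.compile(
    r"(?P<scheme>https?://)?"
    r"(?P<host>[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+)"
    r"(?P<path>/[^\s]*)?",
    re.IGNORECASE,
)


def classify(match):
    """Describe one candidate token and how each linking policy would treat it."""
    scheme = match.group("scheme")
    host = match.group("host")
    tld = host.rsplit(".", 1)[-1].lower()
    file_like = tld in FILE_LIKE_TLDS
    return {
        "text": match.group(0),
        "host": host,
        "tld": tld,
        "file_like_tld": file_like,
        # naive policy: every host-looking token becomes a link
        "naive_links": True,
        # cautious policy: a file-like TLD is only linked when a scheme is spelled out
        "cautious_links": bool(scheme) or not file_like,
    }


def scan(text):
    """Return the classification of every host-looking token in a message."""
    results = []
    for m in _CANDIDATE.finditer(text):
        info = classify(m)
        if len(info["tld"]) < 2:          # skip "e.g"-style false positives
            continue
        results.append(info)
    return results


def linkify(text, cautious=True):
    """Wrap tokens that would become links in [brackets] under the chosen policy."""
    def repl(m):
        info = classify(m)
        if len(info["tld"]) < 2:
            return m.group(0)
        make_link = info["cautious_links"] if cautious else info["naive_links"]
        return f"[{m.group(0)}]" if make_link else m.group(0)
    return _CANDIDATE.sub(repl, text)


if __name__ == "__main__":
    # Constructed sample message mixing a file name, a real URL and a video name.
    msg = "Grab update.zip from https://example.com/files/update.zip and watch demo.mov"
    print(linkify(msg, cautious=False))
    print(linkify(msg, cautious=True))
    for info in scan(msg):
        print(info)
```

Under the naive policy both "update.zip" and "demo.mov" become links a reader might click expecting a download; under the cautious policy only the token with an explicit https:// scheme does. The same check can be applied server-side to flag messages where a bare file-like host name appears without a scheme.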


anne O'nymous

I'm not grumpy, I'm just coded that way.
How will this affect IT systems, and what will threat actors do?
No more, and no less, than with the com TLD.
But when it was created, the risks coming from the web were almost non-existent, and when those risks appeared, everyone forgot that com is also a file extension for Windows executables; it's in fact a DOS executable format, but you can launch them from Windows.


The move has been met with criticism from IT and infosec experts, as it pretty much guarantees confusion, a link handling mess, and new phishing patterns.
The problem isn't the TLD, but the users' bad habits and lack of attention.


However, context is something humans can grasp, but not computers, so a reference like that could cause issues in all kinds of apps, such as Twitter.
Among the issues raised by those new TLDs, it's the easiest one to deal with.
Look at the URL that will be displayed at the bottom of your browser, and you'll notice the difference between "https://f95zone.to/attachment/filename.zip" and " ".

Same with e-mails.
If the link appears in the body of the e-mail, instead of appearing in the "attachments" part, then it's a link to a web site, not a file attached to the e-mail.

I'm way more concerned by Windows HTTP shortcuts.
Their "url" extension is always masked, even when you have configured Explorer to show all extensions. Therefore the "filename.zip" you'll see can perfectly well be "filename.zip.url", and then clicking on it will not open an archive, but ask your browser to visit a malicious URL.
HTTP links generally use the icon of your browser (but it can be changed from the file), and links have an arrow automatically added on top of the icon (in the bottom left corner). So, here again, being attentive is enough to counter the threat.

But, as I said, the problem is that users generally don't care and aren't attentive.


Edit: Well, parasites don't waste time; "filename.zip" is already used by GoDaddy for their usual domain scams.
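The .url shortcut point in the reply above (the extension stays hidden in Explorer, so "filename.zip.url" is shown as "filename.zip", and the file's own IconFile can override the browser icon) lends itself to a simple defensive check. The block below is an added example, not code from the original post: it parses the INI-style content of an Internet Shortcut, reconstructs the name Explorer would display, and flags shortcuts whose displayed name ends in an archive or media extension. The masquerade extension list, the sample shortcut and its attacker.example target are constructed for this example.

```python
import configparser
import os

# Extensions a hidden-.url name could imitate. The thread is about .zip and .mov;
# the full tuple is an assumption for this example.
MASQUERADE_EXTS = (".zip", ".mov", ".pdf", ".docx")

# Constructed sample of a shortcut file as it would sit on disk.
SAMPLE_SHORTCUT = (
    "[InternetShortcut]\n"
    "URL=https://attacker.example/landing\n"
    "IconFile=C:\\Program Files\\Browser\\browser.exe\n"
    "IconIndex=0\n"
)


def visible_name(filename):
    """Name as Explorer shows it: .url is hidden regardless of the
    'show extensions' setting, so 'filename.zip.url' displays as 'filename.zip'."""
    return filename[:-4] if filename.lower().endswith(".url") else filename


def parse_internet_shortcut(text):
    """Return (url, icon_file) from .url content, or None if it is not a shortcut."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    if not cp.has_section("InternetShortcut"):
        return None
    section = cp["InternetShortcut"]
    return section.get("URL"), section.get("IconFile")


def assess_shortcut(filename, text):
    """Describe one shortcut: what the user sees, where it really points,
    and whether the displayed name pretends to be a data file."""
    parsed = parse_internet_shortcut(text)
    if parsed is None:
        return None
    url, icon = parsed
    shown = visible_name(filename)
    return {
        "filename": filename,
        "shown_as": shown,
        "target": url,
        "masquerades_as_file": shown.lower().endswith(MASQUERADE_EXTS),
        # the post notes the browser icon can be replaced from inside the file
        "custom_icon": icon is not None,
    }


def scan_directory(path):
    """Return findings for every .url file in a directory whose displayed
    name imitates an archive or media file."""
    findings = []
    for name in os.listdir(path):
        if not name.lower().endswith(".url"):
            continue
        with open(os.path.join(path, name), encoding="utf-8", errors="replace") as f:
            result = assess_shortcut(name, f.read())
        if result and result["masquerades_as_file"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    print(assess_shortcut("filename.zip.url", SAMPLE_SHORTCUT))
```

Run scan_directory over a Downloads folder or a mail attachment quarantine to list shortcuts that would appear as archives in Explorer; the "target" field is the URL the browser would be sent to, which is the value worth logging or blocking.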