Security Risks from New .MOV and .ZIP Domains

Post by shakilhasan15

In early May 2023, Google announced the introduction of eight new domain extensions, including .zip and .mov. This has raised concerns about security, as they may be among the most attractive extensions for cybercriminals intent on weaving their traps on the web.

Table of Contents:

Why Some New Domains Are of Concern
The main threats coming from the new .mov and .zip domains
How to prevent attacks carried out through some domains managed by cyber criminals?

Why Some New Domains Are of Concern

The introduction of some new domains by Google has raised more than a few concerns. In fact, in terms of security these top-level domains can hide ambiguities.

The reason for this statement is very simple. The .zip and .mov domains also represent the extensions of ZIP archives and video files, respectively. The concern is that these extensions, due to their similarity to common file names, will open the doors even more to scams such as phishing. Users may not realize the danger and easily fall into a trap, downloading files that contain malicious code.

The main threats coming from the new .mov and .zip domains

Cybercriminals have already explored the possibility of registering .mov and .zip domains with the aim of exploiting them as a vector for attacks, especially phishing, so as to deceive users and steal personal and sensitive data. In fact, it may not be easy for the user to understand whether they are dealing with a file or a website since the new TLDs have been introduced as a sort of indicator of the type of site they are visiting.

The strategy used by cybercriminals is to register domains that use very well-known terms and are linked to services or software known to users. This type of technique is used to trick users into entering their credentials and other personal information, making them believe that it is a reliable and legitimate channel.

Let’s take the example provided by Bobby Rauch, a cybersecurity expert. Rauch invited readers to identify which of the following two URLs is “a malicious phishing that drops evil.exe”:


The first URL is the one that triggers the download of the malicious file. In fact, there are two aspects to consider. The URL:

includes the Unicode character “∕” (U+2215) instead of the slash “/”;
features the “@” character which, in combination with “∕”, generates a fictitious domain. The user will reach the domain following the “@”, in this case “v1271.zip”.

The second URL, on the contrary, starts the download of a legitimate Kubernetes zip file from the official GitHub repository.
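The two points above can be checked mechanically before a link is followed or allowed through a mail or proxy filter. The Python sketch below is an added example, not part of the original post: the function name and finding labels are hypothetical, example.com is a placeholder, the sample URLs are constructed, and U+2044 and U+FF0F are assumed additions to the U+2215 character the post names.

```python
import re

# Code points that render like "/" but do not end the URL authority.
# U+2215 is the one named in the post; the other two are added assumptions.
SLASH_LOOKALIKES = ("\u2215", "\u2044", "\uff0f")
FILE_LIKE_TLDS = ("zip", "mov")  # the two TLDs the post discusses

# RFC 3986: the authority runs from "//" to the first real "/", "?" or "#".
_AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://([^/?#]*)")


def inspect_url(url):
    """Return (host_the_client_contacts, list_of_findings)."""
    match = _AUTHORITY.match(url)
    if match is None:
        raise ValueError("expected scheme://authority")
    authority = match.group(1)
    # Everything before the last "@" is userinfo, not the destination.
    userinfo, at_sign, hostport = authority.rpartition("@")
    host = re.sub(r":\d*$", "", hostport).lower()  # drop an optional port

    findings = []
    if at_sign:
        findings.append("userinfo-before-@")
    for ch in SLASH_LOOKALIKES:
        if ch in authority:
            findings.append("slash-lookalike:U+%04X" % ord(ch))
    tld = host.rsplit(".", 1)[-1]
    if tld in FILE_LIKE_TLDS:
        findings.append("file-like-tld:." + tld)
    return host, findings


# Constructed samples: example.com is a placeholder, "v1271.zip" is the
# destination named in the post.
SPOOFED = "https://example.com\u2215archive\u2215refs\u2215tags\u2215@v1271.zip"
GENUINE = "https://example.com/archive/refs/tags/v1.27.1.zip"

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        print(sample, "->", inspect_url(sample))
```

For the spoofed sample the reported host is the part after the "@", while the genuine sample, whose path merely ends in ".zip", produces no findings.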