Hackers have long used lookalike domain names to trick people into visiting malicious websites, but the threat posed by this tactic could be about to increase significantly. This is because two newly approved domain name extensions could lead to an epidemic of phishing attempts.
The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They have just been introduced by Google along with .dad, .esq, .prof, .phd, .nexus and .foo.
But the reason .zip and .mov have generated so much controversy is that they masquerade as popular file extensions used on Windows and macOS computers. That makes them ripe for malevolent tricks.
Many messaging apps and social networking websites automatically convert a word ending in a TLD into a website link, which means that simply telling a friend about a file you want to send could transform your words into a clickable URL. If a hacker has already registered that URL and is using it for nefarious purposes, your friend could be sent to a harmful website.
Bleeping Computer demonstrated the problem with an example message saying: “First extract the file test.zip and then find the test.mov. Once you have the test.mov file, double click on it to view the video.” If a hacker has registered the test.zip and test.mov domains, the recipient of the message could visit the link in the message and risk downloading an infected file. After all, they might naturally expect the URL they visit to contain the file they’ve been told to download.
Already being abused
The risk is not just theoretical. In fact, the cybersecurity firm Silent Push Labs has already seen this type of sleight of hand in the wild, with phishing websites created at microsoft-office.zip and microsoft-office365.zip, likely trying to steal user login credentials by posing as the official Microsoft website. It goes without saying that you should not visit these websites because of the threat they pose.
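As an added illustration (not code from the original article or the firms it cites), this Python sketch flags tokens in a message that an auto-linker could turn into .zip or .mov links, as in the example message above, and marks hostnames that contain a watched brand keyword. The regular expression, `WATCHED_BRANDS` and the function name are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the article that double as common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}
# Brand keywords to watch for in hostnames (constructed list; tune per organisation).
WATCHED_BRANDS = ("microsoft", "office365")

# Simplified stand-in for a chat client's auto-linker (assumption: real linkifiers
# differ in detail): optional scheme, dotted hostname, optional path.
TOKEN_RE = re.compile(
    r"(?<![\w.@-])(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def scan_message(text):
    """Return one finding per token that could become a .zip/.mov link."""
    findings = []
    for match in TOKEN_RE.finditer(text):
        token = match.group(0).rstrip(".,;:!?)\"'")
        has_scheme = "://" in token
        host = urlsplit(token if has_scheme else "http://" + token).hostname or ""
        if host.rsplit(".", 1)[-1] not in FILE_LIKE_TLDS:
            continue  # ordinary TLD or a plain file extension such as .pdf
        findings.append({
            "token": token,
            "host": host,
            # A bare token reads like a filename to the sender but like a
            # domain to the auto-linker; that mismatch is the risk.
            "kind": "explicit-url" if has_scheme else "filename-like",
            "brand_lookalike": any(b in host for b in WATCHED_BRANDS),
        })
    return findings


# Constructed sample: the article's example sentence plus one of the
# phishing hostnames it names, written without a scheme.
SAMPLE = ("First extract the file test.zip and then find the test.mov. "
          "Also saw microsoft-office.zip mentioned; notes are in report.pdf.")

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

A mail or chat gateway could use findings of kind `filename-like` to suppress auto-linking, and `brand_lookalike` hits to route a message for review.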
While there are many legitimate uses for .zip and .mov domains, such as file compression applications or video streaming platforms, there also seems to be potential for abuse, something that hackers are apparently already taking advantage of.
If you see a link that ends in .zip or .mov and it appears to be linked to a large company, first verify that the domain actually belongs to that company before clicking the link. In fact, you should not visit any website or download any file sent by someone you do not trust, regardless of whether the .zip or .mov TLDs are involved. Using an antivirus application and a healthy dose of skepticism should go a long way in mitigating the myriad of threats online, including from hackers using these new domains.