Google unleashes the .zip TLD on us
Earlier this month, Google announced the availability of a handful of new TLDs[1]:
Today, we’re adding eight new extensions to the internet: .dad, .phd, .prof, .esq, .foo, .zip, .mov and .nexus.
Skimming over the list, the .zip and .mov domains stand out because they are also common file extensions for archive files and video files.
Both file formats have been around for decades[2], and the introduction of domains that look identical is making a lot of security professionals nervous, myself included.
The concern is that these domains will be prime opportunities for phishing attacks and other cyber-shenanigans, since they further blur the line between a file and a URL. This has the potential to undo a lot of the hard work done to train people to recognize malicious links.[3]
In a post titled "The Dangers of Google’s .zip TLD", one security researcher demonstrates how such an attack would work: by combining special characters with one of these new domains (e.g. v1271.zip), an attacker can craft incredibly convincing phishing URLs.
Another concern is that many websites and apps automatically detect URLs in text and turn them into clickable links. For example, mentions of “vacationphotos.zip” in old tweets are turned into working URLs, which now point to domains that are just waiting to be purchased by someone.
It didn’t take many days before attacks appeared in the wild. Here’s an example from "Google’s .zip Top Level domain is already used in phishing attacks":
Domains such as microsoft-office.zip have already been used in phishing campaigns. The latter is still online but safe browsing should warn users prior to accessing the site in question.
Many security professionals and organizations are already recommending that administrators block access to these new TLDs entirely, so perhaps hold off on buying them for your next big project.
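A defender-side triage check for the concerns above, as an added example that is not from this post or the linked articles: it reports the host a client would actually connect to and finds bare file-name-like tokens that auto-linking would make clickable. The function names, the simplified hostname pattern and the sample URLs in the comments are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs from the announcement that are also common file extensions.
FILE_LIKE_TLDS = {"zip", "mov"}

# Bare "name.zip" / "name.mov" tokens in free text. Assumption: a simplified,
# ASCII-only hostname pattern; tokens inside paths or e-mail addresses are
# skipped by the lookbehind.
BARE_NAME = re.compile(
    r"(?<![\w@/.-])((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+(?:zip|mov))(?![\w-])",
    re.IGNORECASE,
)


def check_url(url):
    """Return a list of findings for one URL (empty list means nothing flagged)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes userinfo and port
    except ValueError:
        return ["unparseable"]
    if not host:
        return ["no-host"]
    findings = []
    tld = host.rstrip(".").lower().rsplit(".", 1)[-1]
    if tld in FILE_LIKE_TLDS:
        findings.append("file-like-tld")
    # Anything before '@' in the authority is userinfo, not the destination.
    if "@" in parts.netloc:
        findings.append("userinfo-present")
    return findings


def autolink_candidates(text):
    """Return bare tokens that a linkifier could turn into .zip/.mov links."""
    return [m.group(1).lower() for m in BARE_NAME.finditer(text)]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real traffic.
    for u in ("https://example.org/files/report.zip",
              "https://microsoft-office.zip/login",
              "https://files.example.com@v1271.zip/"):
        print(u, check_url(u))
    print(autolink_candidates("grab vacationphotos.zip and Clip.MOV here"))
```

A file named report.zip served from an ordinary domain is not flagged, because the check looks at the host's TLD rather than at the path.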