Security Experts Identify Potential Threats to New Top-level Domains

Highlights:

• The file extensions .zip and .mov are widely used data formats. The “ZIP” file extension is commonly associated with compressed archives, whereas “.mov” is typically used to denote video files encoded in the MPEG 4 format.
• According to reports, a researcher has discovered a method for generating URLs that appear to direct users to a valid website but instead redirect them to a harmful .zip domain upon clicking.

Two recently launched top-level domains have raised concerns among cybersecurity experts. These domains have become generally available since the beginning of this month.

On May 3rd, Google LLC released two top-level domains, along with six others. The search giant released a statement recently asserting that any cybersecurity risks that may arise are controllable and can be remedied using current breach prevention mechanisms.

Google manages a domain registry that provides top-level domains (TLDs), the suffixes at the end of URLs separated by dots. On May 3rd, the search giant released eight new Top-Level Domains (TLDs) for utilization by website operators. The top-level domains (TLDs) .zip and .mov have garnered the interest of cybersecurity professionals.

The file extensions .zip and .mov are widely used data formats. The “ZIP” file extension is commonly associated with compressed archives, whereas “.mov” is typically used to denote video files encoded in the MPEG 4 format. There is a potential risk that cyber attackers may exploit this dynamic to deceive users into clicking on harmful URLs.

As per BleepingComputer’s report, certain social media platforms and messaging applications have implemented a feature that converts the names of ZIP files shared by users into hyperlinks. The file name “document.zip” can be hyperlinked to a website with an identical address. If hackers were to host malware at the address above, it is plausible that the devices of users who click the link may become infected.

It has been observed that cyber attackers have initiated the utilization of such tactics. As per the report by BleepingComputer, Silent Push, a cybersecurity startup, has identified a website in .zip format that imitates the login page of Microsoft Corp. The website is purportedly designed to deceive users into divulging their login credentials.

Deceptive links may pose a threat to users of Chrome. As per a famous media house, the problem impacts Uniform Resource Locators (URLs) incorporated within web pages. According to reports, a researcher has discovered a method for generating URLs that appear to direct users to a valid website but instead redirect them to a harmful .zip domain upon clicking.

It is believed that specific email clients have also been impacted. It has been reported that the Apple Mail client, developed by Apple Inc., blocks URLs that aim to redirect users to a .zip domain, which is an exceptional case.

According to Google, the potential risks arising from the newly launched TLDs this month are controllable. A Google spokesperson stated, “The risk of confusion between domain names and file names is not a new one. Applications have mitigations for this (such as Google Safe Browsing), and these mitigations will hold true for TLDs such as .zip.”

As mentioned earlier, the search highlighted that the top-level domains (TLDs) are compatible with a novel cybersecurity mechanism known as HSTS preloading. As per Google’s specifications, the technology guarantees that web browsers establish connections with websites solely through encrypted network connections. Enabling HSTS preloading on a website involves adding its URL to the internal database of browsers like Chrome. Once added, the browser will only send requests in an encrypted form.