Understanding the Potential Risks of Google's New Domains

In May 2023, Google introduced two new top-level domains (TLDs), .zip and .mov. While the introduction of new domains and unique branding opportunities can be exciting, it’s essential to understand the potential dangers that may arise from the use of Google’s new domains.

New opportunities, new threats

One of the primary concerns with Google’s new domains, .zip and .mov, is the increased risk of malware distribution. The .zip extension is commonly used for compressed files, and hackers sometimes exploit this familiarity by disguising malicious websites as seemingly benign .zip files. Similarly, .mov files are often associated with video content. Visiting .mov websites, even by accident, can expose users to malicious code via a drive-by URL attack, among other harmful consequences.

It doesn’t stop at malware, either. Phishing attacks pose a significant threat to online security, and the introduction of new domains like .zip and .mov provides attackers with additional opportunities for deception. Phishing websites often aim to trick users into revealing sensitive information, such as passwords or credit card details, by masquerading as legitimate platforms. With the .zip and .mov extensions now available, hackers can create convincing fake websites. For example, the following URL…

https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip

…appears to be trustworthy, but it takes the user to https://v1271.zip instead. How? Unbeknownst to many, everything between “https://” and the @ in a website link is treated as user login information. Everything after the @ is treated as the actual hostname or website. The trick relies on two Unicode characters, U+2044 (⁄) and U+2215 (∕). Although they look nearly identical to the forward slash, browsers do not interpret them as forward slashes and treat them like any other character, such as ú or ê. Because no real slash ends the host portion of the link, everything up to the @ is read as login information, and the browser connects to v1271.zip.

Users unknowingly interacting with such websites could fall victim to credential theft and data loss.
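
The check described above, as an added example (not ArcherPoint's or Google's code): it uses Python's standard urlsplit to report the host a link actually resolves to and flags the userinfo trick, the two lookalike slashes, and the .zip/.mov TLDs. The function name, the finding labels, and the genuine-style and bare .mov sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# The two slash lookalikes the article names.
SLASH_LOOKALIKES = {"\u2044": "U+2044 FRACTION SLASH", "\u2215": "U+2215 DIVISION SLASH"}
WATCHED_TLDS = {"zip", "mov"}  # TLDs the article suggests blocking outbound


def inspect_url(url):
    """Return (host, findings): the host a browser connects to, plus warning codes."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    # Everything before the last '@' in the authority is userinfo, not the host.
    if "@" in parts.netloc:
        findings.append("userinfo")
    # Lookalike slashes are ordinary characters, so they never end the authority.
    if any(ch in SLASH_LOOKALIKES for ch in parts.netloc):
        findings.append("slash-lookalike")
    if host.rpartition(".")[2] in WATCHED_TLDS:
        findings.append("watched-tld")
    return host, findings


# Constructed samples: the article's deceptive link, a genuine-style GitHub
# archive link (hypothetical tag), and a bare .mov host from the article.
DECEPTIVE = "https://github.com" + "\u2215".join(
    ["", "kubernetes", "kubernetes", "archive", "refs", "tags", ""]) + "@v1271.zip"
GENUINE = "https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip"
BARE_MOV = "https://productdemo.mov/"

if __name__ == "__main__":
    for sample in (DECEPTIVE, GENUINE, BARE_MOV):
        host, findings = inspect_url(sample)
        print(f"{host:18} {findings or 'ok'}  <- {sample}")
```

The genuine-style link also ends in .zip, but its host is github.com, so nothing is flagged: the check looks at the resolved host, not at how the link ends.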

User perception and trust

Another problem is user perception and trust. The introduction of these domains can lead to confusion and unintended behaviors. Most social media platforms and web applications try to be helpful and convert text that looks like a web address into a clickable link, so that, for instance, typing archerpoint.com produces a link to archerpoint.com. This behavior also works for the new .zip and .mov domains. The worst part? It gets applied retroactively! If you wrote a blog, email, social media post, or tweet mentioning terms like attachments.zip or productdemo.mov, those can be turned into links to websites that hackers can buy and exploit with malicious content or a phishing website. Your reputation can be impacted by a forum post from several years ago that links your customers to malicious websites.

If you own websites utilizing .zip and .mov domains, it’s imperative to work to establish trust through robust security measures, transparency, and above all, clear communication to alleviate concerns. In the meantime, we suggest blocking all outbound traffic to .zip and .mov domains to mitigate potential risk and confusion. Inform your customers about your policies on hosted content to spread awareness and set expectations to help avoid confusion and navigate your online spaces safely.

Stay vigilant! Read more about security and ransomware attacks, and contact ArcherPoint with your security questions and concerns.
