
“Google’s Latest Domain Extensions Empower Social Engineers With New Possibilities”

Concerns over Malicious URLs with the New Top-Level Domain Names

Introduction

Two new top-level domain names – .zip and .mov – are causing concern among security researchers because they make it easier to construct malicious URLs that even tech-savvy users might fall for. Google announced the domains in May, and they have faced criticism from the security community since then. The risk seems huge, as phishing links involving these domains can lure unsuspecting users into accidentally downloading malware.

Details of the Concerns

In a post on Medium, security researcher Bobby Rauch lists two apparently identical URLs that appear to go to the same place. However, by using Unicode slashes and an “@” sign along with the .zip domain extension, a URL that initially appears harmless can redirect users to an attacker’s website instead. Browsers treat everything between the scheme and the “@” as user information rather than as the host, and the Unicode slashes are not path separators, so the real destination is the name that follows the “@”. Mimicking a file extension is only one component of the lookalike attack. Combinations such as .zip or .mov extensions add to the risk. Cybersecurity providers, including Trend Micro, have warned users to identify malicious files correctly. The Vidar info-stealer, for instance, uses fake URLs to download a “Zoom.zip” file to the victim’s system, which shows how a .zip domain extension could make such lures more effective. However, Google pointed to other confusing domains, such as 3M’s command.com domain, as a way to argue that the situation is not new. The company also stated that applications have provisions to mitigate risks.

The Opinion of Security Experts

The risk of making malicious links more effective seems to surpass any benefit that the domains’ extensions may bring. Eric Kron, security awareness advocate at KnowBe4, comments that “it’s the ‘why are we doing this?’ that gets me, and frankly, it’s just a bad idea, right?…” and that “Bad actors have been using .zip files and compressed files to get people to download malware for eons, and then to make a top-level domain that the general public is going to associate with [legitimate files] … we are really opening the doors to some very easy trickery here.”

Status so Far

The domain names have already sparked some confusion, as some tools, such as Google’s own malware identification service VirusTotal, mistake filenames with the .zip extension for URLs with the .zip TLD. Researchers have found scant evidence of actual phishing campaigns so far, but the potential for constructing phishing attacks has increased since the domains’ launch.

Advice and Suggestions

The creation of file-extension-lookalike domain names will likely lead Google and other browser makers to adopt warnings in their software and alert users when a domain uses new or special Unicode characters that could be confused for legitimate URLs. However, users will still need to check links carefully, and companies can restrict new domain names until cybersecurity providers can examine them and assign them a reputation score. Users who are more aware of these new domains and best security practices are the best defense against these types of attacks.
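The kind of link check described above can be sketched as a small filter for a mail gateway or proxy. This is an added example, not code from the article or from any vendor; the function names, finding labels and sample URLs are assumptions constructed for illustration.

```python
import re

# TLDs named in the article that are also common file extensions.
FILE_EXT_TLDS = {"zip", "mov"}
# Characters that render like "/" but do not end the authority part of a URL.
SLASH_LOOKALIKES = {
    "\u2044": "U+2044 FRACTION SLASH",
    "\u2215": "U+2215 DIVISION SLASH",
}
# Constructed sample links; every name in them is a placeholder.
SAMPLE_URLS = [
    "https://example.com/downloads/example.zip",            # ordinary file link
    "https://example.com\u2215downloads\u2215@example.zip",  # lookalike of the above
    "https://example.mov/watch?v=1",                        # plain .mov domain
]


def split_authority(url):
    """Return (userinfo or None, host) the way a browser reads the URL."""
    rest = url.split("://", 1)[1] if "://" in url else url
    # Only ASCII "/", "?" and "#" terminate the authority component.
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    userinfo, at, hostport = authority.rpartition("@")
    # Drop a trailing ":port" if present.
    host = re.sub(r":\d*$", "", hostport)
    return (userinfo if at else None), host.rstrip(".").lower()


def inspect_url(url):
    """Return (real_host, findings) for one link."""
    userinfo, host = split_authority(url)
    findings = []
    if userinfo is not None:
        findings.append("userinfo-before-host")
    for char, name in SLASH_LOOKALIKES.items():
        if char in url:
            findings.append("slash-lookalike " + name)
    tld = host.rpartition(".")[2]
    if tld in FILE_EXT_TLDS:
        findings.append("file-extension-tld ." + tld)
    return host, findings


if __name__ == "__main__":
    for link in SAMPLE_URLS:
        print(inspect_url(link))
```

The first sample resolves to example.com with no findings, while the second, which looks the same on screen, resolves to the .zip host and raises all three findings.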

Conclusion

The question is whether the risk of creating domains that can be disguised to make phishing attacks more effective outweighs any advantage the domains’ extensions bring, given that these risks are not new and have been present for years. In conclusion, while the domains may introduce more possibilities for social engineering, good security practice and user awareness could help reduce these risks.
