Google recently introduced a number of new Top Level Domains (TLDs) that are raising security red flags all over the internet. As a quick starter, a TLD is what comes after the “.dot” – so, .com, info and .org are all examples of TLDs. In recent years hundreds of New TLDs have been introduced, like .nyc, .london, .music, and .ski. The purpose of creating the new TLDs was to give internet users different naming spaces to locate themselves and also to challenge the dominion of the .com naming space which includes roughly 80% of all registered domain names. Google’s New TLDs were noted by the company in a company blog post on May 3, 2023:
Google Registry has launched some of the most popular (and secure) top-level domains, such as .app and .dev. Today, we’re adding eight new extensions to the internet: .dad, .phd, .prof, .esq, .foo, .zip, .mov and .nexus. Read on to learn who’s already using these domains.
The TLDs that are raising concerns are the .zip and .mov domains which are identical to already existing file types that people generally associate with downloads and video files that exist on their computers. So, what happens when users get emails from .zip domain names with .zip files that are malicious and could do serious harm? Google has gone on record as saying that it does not think that this will be confusing, and any security concerns can be mitigated through its software and careful screening. Even so, there have been over 9,000 new domains added to the .zip registry just this month, and it now ranks as one of the top 250 New TLDs.
Further, The Hacker News is already reporting on a scam that is making the rounds, stating:
A new phishing technique called “file archiver in the browser” can be leveraged to “emulate” a file archiver software in a web browser when a victim visits a .ZIP domain. With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate,” security researcher mr.d0x disclosed last week.
The status and quality of sites that go up in the .zip domain space will be worth watching over the next several months. Google lowered the price of domain names in .zip significantly, with a base price of $14.99 for the year, and has seen a lot more registrations in the past several weeks as a result.
