Jump to content
  • Security researcher: New zip and mov top-level domains from Google pose phishing risks

    aum

    • 357 views
    • 2 minutes
     Share


    • 357 views
    • 2 minutes

    At the start of the month, Google announced several top-level domains for “dads, grads and techies”. Among the new techie domains were .zip and .mov, which also happen to be very popular file extensions. Now, the security researcher Bobby Rauch is sounding the alarm over these TLDs, warning that they could be used for phishing.

     

    In his blog post on Medium, Rauch shares two URLs and asks the reader if they can tell which one is a legitimate URL and which one is malicious, and could send the users off to malware. The two links are shown below, don’t worry, neither will send you anywhere bad, just see if you can tell which points to a zip file or zip URL.

     

     

    Hovering over the first link will bring up the bar at the bottom of your browser showing that the link takes you to https://v1271.zip, so we know this one is the malicious link. Unfortunately, many people won’t know this, could be on a mobile device, or be being rushed by the malicious actor so due diligence is not taken.

     

    According to Silent Push Labs (via Bleeping Computer), .zip and .mov domains are already being used in the wild to steal, among other things, Microsoft Account credentials.

     

    In Rauch’s blog post, he tells readers to be on the lookout for domains using fake forward slashes - U+2044 (⁄) and U+2215 (∕) - and @ operators followed by .zip files. He also says that you could avoid downloading files from URLs sent by unknown contacts and hover over the URL before clicking them to see the expanded URL path.

     

    Source: Bobby Rauch via Bleeping Computer

     

    Source

    Edited by Karlston


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...