
New .zip domain is already being abused by cyber criminals

Since May 2023, .zip domains can be registered and used. Over 1,200 have already been registered, and some of them are already being misused by cybercriminals.
Practically everyone is familiar with the ZIP file format for data compression. Less well known is that .zip has also been a top-level domain (TLD) since May 2023, so there are now websites with addresses such as www.prin.zip. The .zip TLD was approved back in 2014, but Google only opened it for public registration on 3 May 2023. As the press release shows, seven other TLDs were released on the same date, .dad among them.
As of 12 May, according to the Internet Storm Center (ISC), 1,230 .zip domains had already been registered. Most of them do not yet serve any web content. The .zip TLD is one of the so-called generic top-level domains (gTLDs), which have been introduced for around ten years and allow a brand to use its own name as a TLD, for example .google instead of google.com. Anyone who wants a gTLD created has to pay for the application up front and receives no guarantee that it will be delegated. Nevertheless, there are now dozens of gTLDs. These include the new .zip TLD, under which a domain costs around 15 US dollars per year.

Source: Martin Jud
Some .zip domains are already live with phishing content, such as the fake Microsoft login page shown above, which tries to harvest your password. Besides microsoft-office (.) zip, the domain officeupdate (.) zip has also been registered.

Source: Martin Jud
Of course, vendors of security products are not idle and are blocking the cybercriminals' sites that are already known. The result is the usual cat-and-mouse game between new threats appearing and being recognised as such.
Phishing and malware aimed at ordinary internet users are nothing new. Combined with the .zip TLD, however, the scam has a higher chance of success, because the address of a website can now be mistaken for the name of a file.
If a manual describes a great Office trick and links a file called Office-Patch.zip inline, you should be cautious anyway: the archive could contain a Trojan or other malware. So only click a link to a ZIP file if you trust both the author of the web content and the host serving the file. The new problem is that a link to a ZIP file and a link to a .zip domain look almost identical: compare www.office-trick (.) com/microsoft-office.zip with www.microsoft-office (.) zip. In the first case, microsoft-office.zip is a file on office-trick.com; in the second, it is the hostname of an entirely different website. Because .zip is now a valid TLD, mail clients and chat apps that automatically turn text into clickable links may also turn a plain file name like that into a link to a site the sender never intended.
To combat the new problem, Johannes B. Ullrich, Ph.D., Dean of Research at ISC, points out that "given the low 'real-world' usage of .zip domains, it may be best to block access to them until it is clear whether they are useful". Having admins block the whole TLD outright is a blunt instrument, but given the risk it is certainly not a bad idea for now. Apart from that, there's only one thing left to do: keep your eyes open and your brain on!
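The two lookalike addresses above, and Ullrich's suggestion of a blanket block, come down to one question a mail gateway or proxy has to answer: is the host of this link under .zip, or is .zip merely the extension of a file on some other domain? The following is an added example, not code from the article or from ISC; the sample text is constructed from the defanged addresses mentioned in the text, and the function names are my own. It extracts the hostname of each link, flags links whose host is under .zip, distinguishes them from ordinary links to ZIP files, and separately lists bare names like officeupdate.zip that carry no scheme or www. prefix, because for those the text alone cannot tell a file name from a hostname.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample text modelled on the article's lookalike addresses.
# It is not a real message; the hosts are the defanged examples from the text.
SAMPLE_TEXT = """
Great trick in the manual: https://www.office-trick.com/microsoft-office.zip
Your update is ready at www.microsoft-office.zip
Grab officeupdate.zip from the patch page when you have a minute.
Official docs: https://www.microsoft.com/office
"""

# Tokens a mail client or chat app would turn into a clickable link:
# anything with a scheme, plus the bare "www." form.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

# Bare names ending in .zip with no scheme or www. prefix. Whether such a
# token is a file name or a hostname cannot be decided from the text alone.
ZIP_TOKEN_RE = re.compile(r"(?<![\w/.:-])[\w-]+(?:\.[\w-]+)*\.zip\b", re.IGNORECASE)

TRAILING_PUNCT = ".,;:)]}!?"


def _split(token: str):
    # urlsplit only recognises the authority part when a scheme is present.
    if "://" not in token:
        token = "http://" + token
    return urlsplit(token)


def hostname_of(token: str) -> Optional[str]:
    """Lower-cased hostname of a link, without a trailing dot; None if absent."""
    host = _split(token).hostname  # urlsplit already lower-cases it
    return host.rstrip(".") if host else None


def is_zip_domain(token: str) -> bool:
    """True when the link's host is under the .zip top-level domain."""
    host = hostname_of(token)
    return host is not None and host.endswith(".zip")


def classify_link(token: str) -> str:
    """Distinguish a ZIP file hosted somewhere from a website on the .zip TLD."""
    if is_zip_domain(token):
        return "zip-domain"
    if _split(token).path.lower().endswith(".zip"):
        return "zip-file-link"
    return "other"


def flag_zip_tld_links(text: str) -> List[Tuple[str, str]]:
    """(hostname, link) pairs for every clickable link in text that points into .zip."""
    hits = []
    for m in URL_RE.finditer(text):
        token = m.group(0).rstrip(TRAILING_PUNCT)
        if is_zip_domain(token):
            hits.append((hostname_of(token), token))
    return hits


def ambiguous_zip_tokens(text: str) -> List[str]:
    """Bare *.zip names outside any link: file name or hostname, undecidable."""
    url_spans = [m.span() for m in URL_RE.finditer(text)]
    found = []
    for m in ZIP_TOKEN_RE.finditer(text):
        start, end = m.span()
        if not any(s <= start and end <= e for s, e in url_spans):
            found.append(m.group(0))
    return found


if __name__ == "__main__":
    for host, link in flag_zip_tld_links(SAMPLE_TEXT):
        print(f"BLOCK/REVIEW  {host:<30} {link}")
    for token in ambiguous_zip_tokens(SAMPLE_TEXT):
        print(f"AMBIGUOUS     {token}")
```

Run on the sample, the first link is classified as a ZIP file on office-trick.com and left alone, www.microsoft-office.zip is flagged as a .zip domain, and officeupdate.zip is reported as ambiguous. The `is_zip_domain` test is the whole of Ullrich's blanket block; the point of the extra classification is that a gateway should not confuse it with links to ZIP files, which remain the older and far more common risk.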
Cover image: Shutterstock

I find my muse in everything. When I don’t, I draw inspiration from daydreaming. After all, if you dream, you don’t sleep through life.