The possibility of ending a domain in .zip or .mov, allowed by Google, has set off cybersecurity alarms. Malicious URLs could be more difficult to detect.
Google has added eight new domains so that now your website can end in .dad, .prof or .phd. The expansion is aimed at specific groups such as parents or teachers and, however, the possibility of finalizing a domain with .zip or .mov has set off alarm bells among cybersecurity experts.
Although .zip and .mov files have been available in IANA DNS registries since 2014, their popularity has been boosted. Now anyone can buy a domain like “techspot.zip” or “example.mov”even though these extensions have long been used to identify ZIP-compressed files and video files, respectively.
This overlap between two widely popular file formats, such as the Zip standard created by Pkware 34 years ago in 1989, and newly registered web domains, would raise new security threats of the online ecosystem.
Experts warn of the existence of risk of users being tricked by malicious URLs shared on social networks or through emails, which would allow cybercriminals to use tools to spread malware, launch phishing campaigns or other harmful activities.
As .zip and .mov domains have been accepted in Google’s new top domain expansion, Internet services and mobile applications will be forced to consider text snippets like “test.zip” or “test.mov” as valid URLs to open in a web browser.
Google has tools for security
Google has responded to concerns raised about the new .zip and .mov domains, arguing that the risk of confusion between domains and file names is not unique to these extensions in particular.
The company believes that its registry offers the necessary tools to identify and eliminate any malicious domain in all TLDs under its control. In this sense, the company highlights its commitment to online security and the protection of Internet users.