In early May, Google opened registrations for 8 new gTLDs - .ZIP, .DAD, .PROF, .PHD, .MOV, .ESQ, .FOO and .NEXUS. So far, almost none of them can boast of high results and has not even scored thousands of registrations. The exception is the .ZIP domain: as of May 14, 3,286 names were already registered in it. And this is a reason not only for joy, but also for concern.
Even before the start of registration, cybersecurity experts warned that the .ZIP domain zone could be to the taste of cybercriminals. It is well known that .ZIP is a popular archive file format. But with the advent of the .ZIP gTLD, many browsers, instant messengers, and email agents will automatically treat filenames in this format as hyperlinks. And such confusion plays into the hands of attackers. For example, upon receiving such a link in an email, a user can click on it, believing that he is unpacking an archive of documents sent to him, and go to a web page designed for phishing or distributing malware. Of course, such errors are unlikely to be massive, but in order to penetrate the networks of large companies, it is quite enough for hackers to make a mistake of a single employee.
These fears are indirectly confirmed by the well-known domain blogger Kevin Murphy. On his blog, Domain Incite, he says that he studied the list of registered names in the .ZIP and found several hundred domains using the words update, attach, download and install. All these are popular terms that encourage the user to take certain actions, which will inevitably lead to the transition to a hyperlink. Murphy also identified domain names that matched various IRS and SEC documents. Of course, it can be assumed that all these domain names are registered by good registrants and with the best of intentions. But the assumption that many of them are registered fraudsters seems more likely.
