"By failing to prepare, you are preparing to fail."
When .zip launched for General Availability in May 2023, it raised eyebrows across the cybersecurity industry as the latest target for phishing sites. Four months on, it appears these concerns were warranted: 18% of .zip domains are currently distributing malicious content, and the majority of the other 82% are currently not hosting any content.
So, what is .zip, why is it so dangerous and is there anything that can be done about it?
To understand the dangers of .zip domains, we must first understand where ‘ZIP’ comes from.
ZIP is a widely used file format that provides lossless data compression and can hold multiple files combined and compressed into a single file. The compressed file takes up less storage, so it can be transferred to other computers more quickly than the uncompressed files.
Zip files are used daily by individuals and businesses of all sizes.
The danger of .zip domains lies in their introduction into the existing online ecosystem of traditional naming conventions. Although that is a mouthful to read, the concept is easy to understand. A large share of software and websites (Twitter (X), for example) display a shared zip file as ‘filename.zip’, a decades-long habit that worked without a hiccup until the introduction of .zip domains.
This same convention for sharing zip files, ‘test.zip’, can now be easily abused by registering ‘test.zip’ as a domain. The mechanism that directs people to domains overrides the file naming convention, so instead of downloading a file when clicking ‘test.zip’, the user is now directed to a website. This is where the scammers come in.
Scammers are registering .zip domains to take advantage of this new override in the linking system, hosting websites with malicious content that target vulnerable internet users.
The websites themselves can run a whole range of scams: they could automatically download a zip file of the same name that instead holds dangerous content, or present a legitimate-looking form that you are required to fill out to download your ‘content’ and that instead steals your information. The possibilities are truly endless.
The biggest danger, and the scammers’ biggest new advantage, comes from the organic nature of the traffic. Creating a website or file to scam an unwary internet user has always been the easiest step; a scammer’s success inevitably comes down to their ability to distribute the scam as widely and efficiently as possible.
Enter .zip domains, a scammer’s new best friend. Scammers no longer need to entice potential victims to click on their link; instead they can sit back and passively wait for unknowing people to accidentally create links to their content. Commonly created and shared zip file names such as photos.zip, holiday.zip and untitled.zip can now be links to domains registered by scammers and hosting malicious content. At the time of writing, untitled.zip is listed for sale at 9,999 EUR on sedo.com.
The main issue here is that the links themselves appear legitimate, because they are sent by a trusted sender, and there is little that can be done to avoid it. For example, you could be sitting in person with a friend who is sending you a zip file ‘test.zip’: you watch them create the file, upload it, and send it to you as ‘test.zip’ via Twitter. However, once you click test.zip you are instead directed to a malicious website because of the traditional naming convention; the only way to avoid the scam is not to click on .zip links at all.
Internet users can avoid the dangers of .zip domains by avoiding zip files entirely and moving to other compression formats, which have their own benefits over the traditional zip compression method. However, avoiding zip files entirely may not be possible for those who deal with them on a regular basis. For these users, it is advisable to block .zip domains at the firewall level, double-check URLs before clicking, make use of web filters and run regular virus checks.
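As an added example (not part of the original article), the following Python shows how a chat client or mail gateway can tell a bare file-name-like token such as ‘holiday.zip’ apart from a URL the sender deliberately typed, and refuse to auto-link the former; the sample messages are constructed, and .mov is included because it collides with a file extension in the same way as .zip.

```python
"""Flag or neutralise file-name-like tokens that linkifiers turn into .zip / .mov URLs."""
import re

# TLDs that collide with common file extensions. The article covers .zip; .mov
# has the same property and is included here as a generalisation (assumption).
COLLIDING_TLDS = {"zip", "mov"}

# Optional http(s) scheme, then a host-like dotted label sequence ending in a TLD.
# The lookbehind stops us matching inside e-mail addresses ("alice@test.zip")
# or file system paths ("/tmp/a.zip"), which are not what a linkifier would link.
TOKEN_RE = re.compile(
    r"(?<![\w@/.])"                                          # not glued to a word, @, / or .
    r"(?P<scheme>https?://)?"
    r"(?P<host>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.(?P<tld>[A-Za-z]{2,}))"
    r"(?![\w-])"                                             # token must end here
)


def ambiguous_zip_tokens(text):
    """Return bare tokens (no scheme) whose last label is a colliding TLD.

    These are the strings a user almost certainly meant as a file name
    ('photos.zip') but that an auto-linker would turn into http://photos.zip.
    """
    return [
        m.group("host")
        for m in TOKEN_RE.finditer(text)
        if m.group("scheme") is None and m.group("tld").lower() in COLLIDING_TLDS
    ]


def safe_linkify(text):
    """Linkify like a chat client, but only link a .zip/.mov token when the
    sender typed an explicit http(s):// scheme; bare ones stay plain text."""
    def repl(m):
        scheme, host, tld = m.group("scheme"), m.group("host"), m.group("tld").lower()
        if scheme is None and tld in COLLIDING_TLDS:
            return host                                      # leave 'photos.zip' unlinked
        url = (scheme or "http://") + host
        return f'<a href="{url}">{scheme or ""}{host}</a>'
    return TOKEN_RE.sub(repl, text)


# Constructed sample message (not from the article).
SAMPLE = (
    "Just uploaded untitled.zip and photos.zip for you. "
    "Our real site is https://example.com and the archive link is https://files.zip"
)

if __name__ == "__main__":
    print("ambiguous:", ambiguous_zip_tokens(SAMPLE))
    print(safe_linkify(SAMPLE))
```

A gateway can use `ambiguous_zip_tokens` to warn the recipient before the click, while `safe_linkify` removes the passive-traffic advantage the article describes by never creating a .zip link the sender did not type as a URL.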
Brands that send and offer downloadable content are at the highest risk of infringement and customer deception through .zip domains. Lexsynergy recommends that all brand owners secure their trademark and mission-critical domains in the .zip extension as a defensive measure.
Lexsynergy guides brands through both traditional and web3 spaces, providing strategic policy, streamlined domain management and world-class assistance with online brand protection and navigating the dangers of the web. If you are a brand owner looking to secure .zip domains and experience a seamless transition of your domain portfolio, with no management fees and 24/7/365 support, then please do not hesitate to get in contact.