Threat Intelligence Firm Recommends Blocking All .ZIP Domains Due to Phishing

SUNNYVALE, CA – FortiGuard Labs reports that they have discovered many .ZIP domains are responsible for phishing attacks on users by automatically downloading a malicious executable titled “file.exe” to their computers.

Phishing attacks have been a thorn in the side of computer users for years due to the fact that they often are able to camouflage themselves as innocuous programs or prompts that seemingly pose no threat, but in reality can cause a great deal of damage if they are able to successfully infect your computer.

However, according to FortiGuard Labs’ Global Threat Landscape Report 2022 – released on July 17, 2023 – phishing attacks are the primary means to acquire access to computers and breach entire networks, and the .ZIP domain is the latest threat in this regard.

The report notes that TLDs (top-level domains) – such as .COM, .ORG, or .NET – are the highest level of domain names in the DNS hierarchy. But as time has gone by, slews of generic TLDs (gTLDs) have appeared that allow companies and organizations the ability to create customized addresses to reflect their brand, and it is the advent of these gTLDs that have presented threat actors and their phishing attacks new avenues of entry to exploit.

As .ZIP domains become more widely used by the public, FortiGuard said, the scope of their ability to exploit their users’ vulnerabilities has grown exponentially, especially considering the fact the phishing attacks are typically made utilizing prompts to download commonly used file extensions that may be confusing to individuals who are not tech savvy.

In the evolving #cybersecurity landscape, understanding the #phishing threat has become more critical than ever. 🎣 👩‍💻

Learn more about a new threat resulting from the addition of a new Top-Level Domain (TLD), '.ZIP' 👇 https://t.co/w61xWv5djn pic.twitter.com/ZRIbbd0iP0
— FortiGuard Labs (@FortiGuardLabs) July 25, 2023

Specific domains that are mentioned in the FortiGuard report as being dangerous include the 42zip, excelpatchzip and outlook365updatezip domains. In order to remain safe, FortiGuard recommends users block .ZIP domains at the firewall level; keep their antivirus programs, operating systems, and web browsers updated to the latest versions; and always confirm the authenticity of a website or URL that they may be visiting.

Aggregate data for new domains registered under the TLDs offered by Google since May 3, 2023, shows that “.zip” is the most popular extension by a large margin: DomainTools statistics of new domains registered for each new TLD offered by Google since May 3, 2023, show the “. zip” TLD outpacing all others.

John Colascione

About The Author: John Colascione is Chief Executive Officer of Internet Marketing Services Inc. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a ‘how to’ book called ”Mastering Your Website‘, and is a key player in several Internet related businesses through his search engine strategy brand Searchen Networks®

Google Ceases Selling New Domains as Transition to Squarespace Continues

Google Launces New System for Creating Web Page Titles In Search Results

Scammers Sending Emails from Spoofed Authoritative Domains Via Forwarding Flaws

Leave a Reply Cancel reply