2023-06-01

Google recently opened registration for several new top-level domains (TLDs). Among them, the newly added .zip has been the most controversial, with some security experts pointing out that it could enable new attacks. A few days later, security researcher mr.dox published a proof-of-concept that uses a fake web page to imitate the file-extraction view of Windows File Explorer and WinRAR. The speed with which the concern was turned into a working demonstration is notable.
Besides .zip, the TLDs Google opened this time include .dad and the academic-flavoured .prof and .phd, eight new domains in total. The reason .zip in particular has drawn attention is that many websites and applications automatically turn any text ending in a .zip TLD, such as setup.zip, into a clickable link. Some users assume such a link can only download a file directly, but in fact it can lead them to an arbitrary web page, which creates a security risk.
Others in the industry counter that every phishing attack still has to trick the user into opening a malicious file. Even if .zip causes some confusion, they argue, it does not add a serious new risk.
While the debate was still going on, security researcher mr.dox demonstrated the problem in person: he built a phishing kit that exploits exactly this blind spot, leading users to believe that clicking the link downloaded a file directly, and then luring them into opening the "files" shown on the page.
mr.dox first hosted a page imitating the WinRAR extraction window on a registered .zip domain. When someone clicks the link, the browser on Windows displays this fake WinRAR page. A user who is not paying attention will take it for the preview WinRAR or Windows File Explorer shows while extracting a downloaded archive on the local machine, and may open a file shown on the screen directly, thereby falling into the trap and letting the attacker install malware.
mr.dox pointed out in the demonstration that the fake window is not a Windows pop-up at all but simply the browser's own content area. The address bar clearly shows the location of the site he created, but a user who does not look at it is easily fooled. To make the page more convincing, mr.dox not only styled it to look authentic but also added a "Scan" button for good measure; clicking it pretends to run a security scan. Since this is only a proof of concept, the researcher did not reproduce every option of the real interface, but he noted that an attacker could certainly refine the design further.
Beyond imitating a .zip archive, mr.dox also pointed out that attackers could present a fake PDF, lure users into opening it, and then ask them to enter their company account and password, stealing login credentials; or they could abuse the fact that Windows hides known file extensions by default to disguise a malicious executable as a PDF. There are clearly many ways to exploit .zip for fraud, so anyone who encounters this kind of domain name in the future should treat it with extra caution.
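The two defender-side checks that follow from the article are (a) spotting bare tokens such as setup.zip that an auto-linkifier would turn into a link to a .zip domain, and (b) spotting file names such as report.pdf.exe that File Explorer shows as "report.pdf" once extensions are hidden. The example below is added here and is not code from the article or from mr.dox; it is a small Python scanner a mail or chat gateway could run. The sample strings are constructed, the set of file-like TLDs contains .zip from the article plus .mov from the same Google batch, and the list of document and executable extensions is an assumption the reader can extend.

```python
import re

# TLDs that collide with common file extensions. .zip is the case in the
# article; .mov was opened in the same batch. Extend as needed (assumption).
FILE_LIKE_TLDS = {"zip", "mov"}

# Extensions used to classify double-extension names (assumed lists).
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "msi", "ps1"}

# A hostname-looking token: one or more dotted labels followed by a TLD.
HOSTNAME_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+)([a-z]{2,})\b", re.I)


def find_file_like_hosts(text):
    """Return tokens that look like hostnames whose TLD is also a file extension.

    A token preceded by a single '/' is a path component of an explicit URL
    (example.com/setup.zip) and is not reported; a token preceded by '//' is
    the host of an explicit URL (https://setup.zip/) and is reported.
    """
    hits = []
    for m in HOSTNAME_RE.finditer(text):
        if m.group(2).lower() not in FILE_LIKE_TLDS:
            continue
        prefix = text[max(0, m.start() - 2):m.start()]
        if prefix.endswith("/") and not prefix.endswith("//"):
            continue  # path inside a URL, not a linkifiable bare hostname
        hits.append(m.group(0))
    return hits


def displayed_name_with_hidden_extensions(filename):
    """Approximate what File Explorer shows when 'Hide extensions for known
    file types' is on: the final extension is dropped."""
    name, dot, _ext = filename.rpartition(".")
    return name if dot else filename


def looks_like_disguised_executable(filename):
    """True for names like report.pdf.exe: an executable extension behind a
    document-like inner extension, which Explorer would display as report.pdf.
    Whitespace padding before the real extension is tolerated."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    _, inner, outer = parts
    return outer.strip() in EXECUTABLE_EXTS and inner.strip() in DOCUMENT_EXTS


def scan_message(text, attachments):
    """Combine both checks over a message body and its attachment names."""
    return {
        "file_like_hosts": find_file_like_hosts(text),
        "disguised_attachments": [
            a for a in attachments if looks_like_disguised_executable(a)
        ],
    }


if __name__ == "__main__":
    # Constructed sample message, not real data.
    body = "Please download setup.zip and report.zip from example.com"
    names = ["report.pdf.exe", "invoice.pdf", "tool.exe"]
    print(scan_message(body, names))
    print(displayed_name_with_hidden_extensions("report.pdf.exe"))
```

Note that `find_file_like_hosts` deliberately ignores `.zip` inside a URL path, where it really is a file name, and only reports tokens that a linkifier would turn into a link to a `.zip` host; `displayed_name_with_hidden_extensions` makes the second trick in the article concrete by showing what the user actually sees.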
