Fortinet specialists explain how to protect yourself from malicious traps.
Security researchers at FortiGuard Labs have found that attackers are using a new way to deceive Internet users: they register domains with the ".ZIP" extension, which is usually used for compressed files.
TLDs, or "top-level domains", are the final segment of a domain name, such as ".COM", ".ORG", or ".NET". Over time, hundreds of so-called "generic TLDs" or "gTLDs" have emerged that offer customized addresses for organizations and users that match their brand, such as "Z.cash", "X.team" or "Vacation.rentals".
According to the FortiGuard report, generic TLDs have opened up new opportunities for attackers to exploit, and the availability of ".ZIP" domains for purchase has significantly expanded the range of possible abuse. The advent of gTLDs had already made phishing attacks harder to detect. Now the addition of the ".ZIP" domain creates confusion among inexperienced users.
For example, the domain "businesscentral[.]zip", which appeared on May 15, immediately downloaded a malicious file with the name "businesscentral [.] zip" to the user's computer. file.exe". Another domain, "chatgpt[.]zip", which was registered on May 20, offered to download an archive with the latest version of the ChatGPT chatbot, but the archive, of course, contained a malicious file.
A funny note from hackers who "caught" their victim
Another domain, "assignment[.]zip", redirected users to empty archives, and the "voorbeeld[.]zip" domain simply did not contain any content. The researchers note that no malicious activity has yet been detected for these domains, but they could be used for it in the future.
One real example of the threat is the domain "42[.]zip", which also appeared online on May 15. It immediately downloads a malicious file called a "ZIP bomb", which unpacks into a huge volume of data that takes up all the available space on the victim's computer.
To protect against such attacks, FortiGuard Labs experts advise users to block ".ZIP" domains on their firewalls, use web filters and browser extensions to check sites, and always look at URLs before following them, especially if they were sent by an unauthorized user.
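The URL check recommended above, as an added example (not code from the FortiGuard report or the original post): it separates a URL whose host sits under the ".ZIP" TLD from one that merely links to a .zip file on another domain, which is the confusion these domains rely on. The function names, the blocked-TLD set and the example.com / example.org URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BLOCKED_TLDS = {"zip"}  # assumption: TLDs the local web-filter policy blocks

def refang(text: str) -> str:
    """Undo defanged report notation: 'name [.] zip' -> 'name.zip', hxxp -> http."""
    text = re.sub(r"\s*\[\.\]\s*", ".", text.strip())
    return re.sub(r"^hxxp", "http", text, flags=re.IGNORECASE)

def classify(url: str) -> str:
    """Return 'block', 'archive-download' or 'allow' for one URL or bare host."""
    cleaned = refang(url)
    # A bare host such as '42.zip' has no scheme; prefix '//' so that
    # urlsplit() parses it as a network location and not as a path.
    if not re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", cleaned):
        cleaned = "//" + cleaned
    parts = urlsplit(cleaned)
    # hostname is already lower-cased; drop the trailing dot of a rooted FQDN.
    host = (parts.hostname or "").rstrip(".")
    tld = host.rpartition(".")[2]
    if tld in BLOCKED_TLDS:
        return "block"             # the *site itself* lives under .zip
    if parts.path.lower().endswith(".zip"):
        return "archive-download"  # ordinary archive served from another TLD
    return "allow"

def triage(urls):
    """Classify an iterable of URLs, e.g. taken from a proxy log or a mail body."""
    return [(u, classify(u)) for u in urls]

# Constructed sample input: defanged domains named in the article plus
# two benign URLs invented for contrast.
SAMPLE = [
    "42[.]zip",
    "chatgpt [.] zip",
    "HTTPS://Businesscentral.ZIP./x",
    "https://example.com/downloads/report.zip",
    "https://example.org/index.html",
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE):
        print(f"{verdict:17} {url}")
```

The decision is made on the parsed host only, so a path or file name ending in ".zip" never triggers the block rule by itself.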
You also need to regularly update your antivirus software, operating systems, browsers, and other installed software to close all potential security holes in your computer.