#dotZIP

2023-05-24

Block the entire dot-zip top-level domain
youtu.be/V82lHNsSPww
[ThioJoe] discovers that Zip filenames in old posts are being converted to links to malware websites retroactively

#dotZip #malware #Google #security

2023-05-21

Advice for anyone who is concerned enough about the #DotZip TLD to want to replace the .ZIP archive file format with an alternative.

Please don't pick the (commercial, closed-source) RAR.
#7Zip is free, open-source, and creates smaller archive files.

RAR software is Windows-only. Any software for handling .rar files on any other OS is unofficial.

7Zip is free to use forever, not just for the trial period.

Bonus: there will never be a .7z TLD.

Klaus Alexander Seistrup kas@magnetic-ink.dk
2023-05-18
Can you quickly tell which of the URLs below is legitimate and which one is a malicious phish that drops evil.exe?

htt‍ps://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip

htt‍ps://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip

Read it all:

🔗 https://scribe.rip/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5

/cc [ #dotZip | #zipTLD | #phishing | #security ]
Two URLs showing the danger of .zip domains: while almost identical, one will download PostgreSQL v15, and the other resolves to the v15.zip domain.
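
The check the post above asks readers to do by eye, written as an added example (not part of the original post): it splits each URL the way a parser does and reports the host that would actually be contacted. The function names and the lookalike set are assumptions of this example, and the second URL is constructed to mirror the one in the post.

```python
import re

# Characters that render like "/" but do not end the authority part of a URL.
# Assumed set for this example: the two slash lookalikes most often cited.
SLASH_LOOKALIKES = {"\u2044": "FRACTION SLASH", "\u2215": "DIVISION SLASH"}


def split_authority(url):
    """Return (userinfo, host) as a URL parser sees them (RFC 3986 layout)."""
    m = re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)", url)
    if not m:
        raise ValueError("not an absolute URL with an authority")
    # Only ASCII "/", "?" or "#" end the authority; the last "@" ends userinfo.
    userinfo, at, hostport = m.group(1).rpartition("@")
    host = hostport if hostport.startswith("[") else hostport.rsplit(":", 1)[0]
    return (userinfo if at else None), host.lower()


def inspect(url):
    """Return the real destination host and reasons the text may mislead."""
    userinfo, host = split_authority(url)
    findings = []
    if userinfo is not None:
        findings.append("text before '@' is userinfo, not the destination")
    for ch, name in SLASH_LOOKALIKES.items():
        if ch in url:
            findings.append("contains U+%04X %s" % (ord(ch), name))
    if host.endswith(".zip"):
        findings.append("host is in the .zip TLD")
    return host, findings


LEGIT = "https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip"
# Constructed sample: U+2215 in place of every "/" after the scheme, then "@host".
LOOKALIKE = "https://" + "\u2215".join(
    ["github.com", "kubernetes", "kubernetes", "archive", "refs", "tags", ""]
) + "@v1271.zip"

if __name__ == "__main__":
    for url in (LEGIT, LOOKALIKE):
        host, findings = inspect(url)
        print(host, findings)
```
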
Kevin Karhan :verified: kkarhan@mstdn.social
2023-05-17

@dangillmor already #dotZIP & #dotMOV are basically exclusively used for #Malware & #Phishing to the point that I'd not be surprised if big corporations will just roll out #hostfile|s that redirect #zip & #mov - domains onto some warning site or flat out yeet aka. #NXDOMAIN them...

Kevin Karhan :verified: kkarhan@mstdn.social
2023-05-17

@BrodieOnLinux OFC #dotZIP & #dotMOV will get abused by #scammers, but apparently with the 1st #NEWgTLD|s wave #ICANN also yeeted any "benefit vs. harm balance" out of the window as well...
