Software that creates hyperlinks whenever it finds text that might be a URL, combined with ubiquitous use of .zip extension for compressed files.
I don’t get what’s more concerning about the .zip TLD than any other one.
perviouslyiner@lemmy.world 1 month ago
ceiphas@lemmy.world 1 month ago
ZIP Files are a constant source of exploits and Malware.
0x0@lemmy.dbzer0.com 1 month ago
Are there any exploits that have ever made use of TLD <-> file extension confusion? This seems really unlikely to help pull off an attack, even if the TLD was .exe, but maybe I’m overly optimistic.
BehindTheBarrier@programming.dev 1 month ago
They are just more likely to be scam like, particularly since they can be assumed to be a file at a glance.
Even more deviously, crafty urls like this further hides what you are actually doing, like this:
github.com∕kubernetes∕kubernetes∕archive∕refs∕tag…
Hover it with your cursor, watch what that actually links too, no markup cheating involved. Anything before the @ is just user information. Imagine clicking that and thinking you downlodaed a tagged build, only to get a malware?
It’s not the end of the world, but as a developer it makes great sense to just auto-block it to avoid an incident. The above URL is from this article, which says it’s not as big of huge problem too:
www.theregister.com/…/google_zip_mov_domains/
But it’s kind of a death by a thousand cuts to me, because it’s another thing with another set of consideration accross the internet ecosystem that one will have to deal with.