Beware of Google’s .ZIP domain and password-embedded URLs

Topic

New Reply

ISSUE 20.22 • 2023-05-29 PUBLIC DEFENDER By Brian Livingston The security community is up in arms, because Google this month started selling domain na
[See the full post at: Beware of Google’s .ZIP domain and password-embedded URLs]

Total of 23 users thanked author for this post. Here are last 20 listed.

AlphaCharlie, unbob, Berserker79, Microfix, Cijan, jburk07, J9438, geekster123, ibe98765, Charlie, Cybertooth, rc primak, SueW, fisher75, L95, DLivesInTexas, abbodi86, geekdom, trailcook, lmacri

Reply | Quote

Replies

Google’s argument that .com is also used in filenames doesn’t make sense. Back in the DOS and Windows 3.x days when .com files were common, most people didn’t have internet access and the amount of bad actors out there was significantly less.

2 users thanked author for this post.

Charlie, Cybertooth

Reply | Quote

I don’t know how long since Google stopped pretending “Don’t be evil” was its motto/corporate code of conduct, probably when Alphabet assimilated it, but it most certainly has abandoned all pretext of believing in it anymore. For that matter, Alphabet’s claim to “Do the right thing” is completely discredited by these stupid, stupid top-level domains.

That said, who is/are the idiot(s) and ICANN who licensed .mov and .zip to any company?

The other TLDs seem pretty harmless, no more dangerous than vanity license plates. I’ve actually looked at the list of TLDs and there are some pretty strange ones in there. My personal favorite is XN–VERMGENSBERATUNG-PWB, the longest one in the list.

Google used to have some pretty smart people running the place. What happened to them?

2 users thanked author for this post.

unbob, ibe98765

Reply | Quote

Maybe that “Brain Fog” that people experienced with Covid 19 actually did more damage to their brains than we were aware of.  The way things have been going, it’s a very good possibility.

Being 20 something in the 70's was much more fun than being 70 something in the 20's.

Reply | Quote

I think it all comes down to greed.

Reply | Quote

MHCLV941 wrote:

Google used to have some pretty smart people running the place. What happened to them?

They are all into AI I suppose. Or a momentary lapse of……?

* _ the metaverse is poisonous _ *

Reply | Quote

steeviebops wrote:

Google’s argument that .com is also used in filenames doesn’t make sense. Back in the DOS and Windows 3.x days when .com files were common, most people didn’t have internet access and the amount of bad actors out there was significantly less.

Nothing about this whole bit of insanity makes any sense.

4 users thanked author for this post.

unbob, ibe98765, rc primak, Cybertooth

Reply | Quote

Fred wrote:

MHCLV941 wrote:

Google used to have some pretty smart people running the place. What happened to them?

They are all into AI I suppose. Or a momentary lapse of……?

The bean counters have staged a coup and locked all of them in a lab, along with all of Alphabet/Google’s security staff.

1 user thanked author for this post.

rc primak

Reply | Quote

As soon as I get some sleep, my and my clients’ firewalls will block both .mov and .zip. I doubt that this is an original thought.

1 user thanked author for this post.

rc primak

Reply | Quote

Added both *.zip and *.mov to pihole’s domain block list

Reply | Quote

trailcook wrote:

Added both *.zip and *.mov to pihole’s domain block list

– So if you don’t have a pihole, how to block?

 

Reply | Quote

Wait for the updates to your favorite browser guard security products. Many more updates to come. (May I put in a plug now for Malwarebytes Browser Guard? Though, they may not have caught up with this development yet.)

Another probability is that someone will place into the Google Web Store an extension to block these domains. The existing block lists (like uBlock Origin) no doubt will be blocking these domain names even sooner. Even Ghostery has an opportunity here. Firefox might block them in the browser just out of spite for their rival.

What I worry about are email links. Especially in ads. Those are harder to train people to ignore or check out using other methods.

This is looking like the QR Codes issue, only worse.

-- rc primak

4 users thanked author for this post.

jburk07, gwt10, ibe98765, Charlie

Reply | Quote

gwt10 wrote:

trailcook wrote:

Added both *.zip and *.mov to pihole’s domain block list

– So if you don’t have a pihole, how to block?

 

If you have a Pro version of Windows it can be done via Group Policy.

11 users thanked author for this post.

oldfry, geekster123, WSraysig, gwt10, ibe98765, rc primak, Just another Forum Poster, NaNoNyMouse, RetiredGeek, Alex5723, geekdom

Reply | Quote

Can a single Group Policy cover multiple banned TLD’s?

-- rc primak

Reply | Quote

No, you have to create a separate rule for each one.

2 users thanked author for this post.

gwt10, rc primak

Reply | Quote

Which, if any, browsers allow you to disable formatting in the url?

1 user thanked author for this post.

geekdom

Reply | Quote

Here is information on punycode which is a unicode look-alike. Configuring the Firefox browser is shown:

https://www.askwoody.com/forums/topic/replies-daily-computer-tip/#post-2503383

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

3 users thanked author for this post.

rc primak, SueW, NaNoNyMouse

Reply | Quote

Which, if any, browsers allow you to disable formatting in the url?

None of them really can do the trick presently. And there aren’t any good extensions I know of to do this generalized job. In fact, Google in particular has been moving the opposite direction since at least 2014, according to Paul Thurott.

-- rc primak

Reply | Quote

I’m a bit of a computer dummy and so a lot of this discussion is over my head.  I did a Google search to try to find an easy step-by-step procedure to use Group Policy to block *.zip  and *.mov as mentioned by Steeviebops above.  The search let me to a step-by-step article (that shows screenshots for every step)  at https://www.grouppolicy.biz/2010/04/how-to-configure-applocker-group-policy-in-windows-7-to-block-third-party-browsers/.   It appears to be kind of  an old article written in 2010.  Would this article be a good article for me to use,  or is there something better?   I am presently using a Windows 7 computer (security protected by 0Patch),  and will also be setting up a couple more computers to replace it,  one is a laptop with Windows 10 Home Edition and the other is a desktop with Windows 10 Professional.  It looks like there may not be a way to do it on the one with Home Edition because Steeviebops said the method applies to Windows Pro,  but at any rate I’d like to find an easy step-by-step article (with screenshots) to accomplish this on the the 2 computers that do have Windows Pro.

And then for the one that has Home Edition,  is there a way to accomplish this in view of the fact I don’t have pi-hole?

Also,  Brian Livingston said “even worse, some browsers are allowing usernames and passwords to be embedded into URLs.”  Which browsers is he referring to?

 

3 users thanked author for this post.

Cijan, jburk07, rc primak

Reply | Quote

From a fellow tech dummy (me) to your question:

I did a lengthy search, but did not find a way to use the Windows 10/11 Pro Group Policies to block a specific domain from being used by all your web browsers and all mail apps. (Other applications should be well-behaved unless the apps themselves are malicious.)

Although Chatgpt-4 seems to think there is a way to use Windows 10/11 Group Policies to block domains from all applications, actual discussions online about this exact concept come to the opposite conclusion:

GPO’s won’t be able to achieve that.

The simplest approach may be to use web browser extensions, or the router’s settings, various kinds of parental controls, or your Windows Hosts File. This article shows you how these things can be done in Windows 10 (or 11).

There is also a Powershell way to block web sites or domains. This is basically an indirect way to access the Windows Defender Firewall settings. Check this article.

AppLocker, last I knew, was an Enterprise Windows feature not yet available fully to Pro users.

Generally, Home Editions may have Registry Edits available to accomplish what the Pro and Enterprise Group Policies do. But not always. And for this scenario, there appears not to be so simple a way to handle the mess Google has created.

Passwords or passcodes embedded in URLs work in all major browsers. Zoom for example, has their meting passwords embedded into their links if you choose to allow this. The basic method used is shown in this article.  This is not a State Secret and does not require a lot of technical skill. Making it happen automatically just by clicking on a malicious link is a bit more challenging.

Woody Leonhard used to love dummies. He always introduced himself as our fellow dummy.

There are no dumb questions — only people dumb enough not to ask.

-- rc primak

5 users thanked author for this post.

Cijan, jburk07, L95, Cybertooth, ibe98765

Reply | Quote

To block all apps from accessing a specific domain (i.e. somedomain.com), simply add it to the “end” of the host file located in:

C:\Windows\System32\drivers\etc

Using the following format:

0.0.0.0 somedomain.com

Then any app attempting to connect to it will get redirected to the “non-existant” 0.0.0.0 IP address and won’t be able to connect.

Notes:

• The host file is a simple text file (i.e. it can be opened with any text editor) but doesn’t have an extension and must be saved that way if modified.

• You can either use spaces or tabs between the IP address and the domain name (I “sort” the rows and use a tab so the domain names line up in the same column and are easy to read.)

• To block “multiple” domains, enter each one on it’s own line using the above format.

• You can’t block “partial” domain names or TLD suffixes, only full domain names!

• This will not block attempts to “directly connect” to an IP address (i.e. it only blocks domain names!)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
To block all apps from accessing a specific TLD (i.e. .zip, .mov, .xyz, etc., etc.) use the Group Policy method steeviebops posted above.

BTW, I verified that Group Policy does block all apps from accessing the particular TLD you enter.

i.e. google-analytics.zip is one of the newly “registered” .zip domains with an assigned IP address (list of newly registered .zip domains)

After implementing a TLD block of .zip using the Name Resolution Group Policy, when I attempt to browse to it (4 different browsers), ping it, run tracert to it, or use any of the other programs I have to check domain info, they all failed because they couldn’t find the “google-analytics.zip” domain name.

Just FYI, even though a Whois check shows that domain does belong to Google, I did not try to visit it before implementing my .zip block and would suggest no one else visit it either.

5 users thanked author for this post.

rc primak, jburk07, L95, WSraysig, RetiredGeek

Reply | Quote

URL syntax allows the following:

https://username:password@www.domain.com

I’ve used this myself for easy link or bookmark access to FTP servers:

ftp://username:password@ftp.domain.com

The username and password are transmitted as plaintext, and is a potential security problem, but it’s just a formality for most ftp sites to prohibit casual file access and google scanning. In addition, that access is usually always read-only for all directories except /tmp .

1 user thanked author for this post.

rc primak

Reply | Quote

Let me add Susan Bradley’s advice:

The best security safeguard is a well-patched end user.

We know what to watch out for and can probably protect ourselves. Now let’s get the word out to our friends, colleagues and families!

-- rc primak

Reply | Quote

None of them really can do the trick presently. And there aren’t any good extensions I know of to do this generalized job. In fact, Google in particular has been moving the opposite direction since at least 2014, according to Paul Thurott.

-- rc primak

Reply | Quote

Catching up on forum so did not read the article yet 😔 but would not this be just the thing to fix via a null entry in the host file for those domains?

🍻

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

steeviebops wrote:

gwt10 wrote:

trailcook wrote:

Added both *.zip and *.mov to pihole’s domain block list

– So if you don’t have a pihole, how to block?

 

If you have a Pro version of Windows it can be done via Group Policy.

Hi and thanks for that info.

However there are certain cases where I do download zip files from some sources that I do trust, either through Firefox itself, or using programs like IDM or JDownloader.  The files themselves typically end in .zip or .rar

Will this group policy disable the ability to do that?

Reply | Quote

gwt10 wrote:

there are certain cases where I do download zip files from some sources that I do trust, either through Firefox itself, or using programs like IDM or JDownloader. The files themselves typically end in .zip or .rar Will this group policy disable the ability to do that?

The Group Policy Rule only applies to DNS lookups (that convert the “Domain Name” into the “IP address” needed to actually make the connection) not the URL entered in your browser!

So if a particular “link” ends with a blocked “domain suffix“, it won’t be affected.

I.e., I just downloaded the “seamonkey-2.53.16.en-US.win64.zip” file from the Mozilla archives without any problems because the “domain suffix” for that site is .org not .zip.

1 user thanked author for this post.

rc primak

Reply | Quote

Makes me glad I try to NOT use anything Google!

 

Reply | Quote

rc primak wrote:

From a fellow tech dummy (me) to your question:

I did a lengthy search, but did not find a way to use the Windows 10/11 Pro Group Policies to block a specific domain from being used by all your web browsers and all mail apps. (Other applications should be well-behaved unless the apps themselves are malicious.)

Although Chatgpt-4 seems to think there is a way to use Windows 10/11 Group Policies to block domains from all applications, actual discussions online about this exact concept come to the opposite conclusion:

GPO’s won’t be able to achieve that.

The simplest approach may be to use web browser extensions, or the router’s settings, various kinds of parental controls, or your Windows Hosts File. This article shows you how these things can be done in Windows 10 (or 11).

There is also a Powershell way to block web sites or domains. This is basically an indirect way to access the Windows Defender Firewall settings. Check this article.

AppLocker, last I knew, was an Enterprise Windows feature not yet available fully to Pro users.

Generally, Home Editions may have Registry Edits available to accomplish what the Pro and Enterprise Group Policies do. But not always. And for this scenario, there appears not to be so simple a way to handle the mess Google has created.

Passwords or passcodes embedded in URLs work in all major browsers. Zoom for example, has their meting passwords embedded into their links if you choose to allow this. The basic method used is shown in this article.  This is not a State Secret and does not require a lot of technical skill. Making it happen automatically just by clicking on a malicious link is a bit more challenging.

Woody Leonhard used to love dummies. He always introduced himself as our fellow dummy.

There are no dumb questions — only people dumb enough not to ask.

The way I did it above was go to Computer Configuration > Windows Settings > Name Resolution Policy. Set the dropdown to zip (or whatever TLD you want to block), then go to the Generic DNS Server tab, select Enable DNS settings, click Add, and then enter 0.0.0.0 as the DNS server Click Create, and then Apply at the end. You can add multiple entries here.

4 users thanked author for this post.

rc primak, Berserker79, L95, Alex5723

Reply | Quote

https://windowsloop.com/how-to-block-zip-and-mov-domains-in-windows/

4 users thanked author for this post.

NaNoNyMouse, rc primak, Berserker79, Cybertooth

Reply | Quote

Steeviebops:   Which version of Windows did you use this procedure on?  And was there an article on the Internet that recommended this procedure?   If so,  can you provide a link to it?

Reply | Quote

Windows 10 Pro. I didn’t follow any guides, this was something I had used in the past for other tasks but figured it would come in handy here.

2 users thanked author for this post.

rc primak, L95

Reply | Quote

L95 wrote:

If so, can you provide a link to it?

The link provided by @alex5723 in the post immediately above yours provides detailed instructions on how to do this with one difference, it says to use IP address 127.0.0.1 instead of 0.0.0.0.

As @steeviebops points out in his below post, 0.0.0.0 is a “much better” option because 127.0.0.1 will “redirect” those domains to your local PC and, if it’s running a 3rd party DNS server (i.e. Anti-virus, VPN, etc., etc.) the block won’t work!

Using the 0.0.0.0 IP address will always work because it’s not a valid IP address for any software/hardware!

5 users thanked author for this post.

NaNoNyMouse, rc primak, Berserker79, L95, steeviebops

Reply | Quote

Alex5723 wrote:

https://windowsloop.com/how-to-block-zip-and-mov-domains-in-windows/

I prefer to use 0.0.0.0 rather than 127.0.0.1 because if your machine is running a DNS agent of some sort (some AVs such as Webroot DNS Protection might have this), then the block won’t be effective.

7 users thanked author for this post.

NaNoNyMouse, rc primak, L95, gwt10, allanhm47, Just another Forum Poster, Alex5723

Reply | Quote

Testing

Reply | Quote

Alex5723 wrote:

https://windowsloop.com/how-to-block-zip-and-mov-domains-in-windows/

Very nice article so long as one does not have the Home version. Group policy is not available in the Home version.

Reply | Quote

MHCLV941 wrote:

Group policy is not available in the Home version.

A 3rd party option that does allow you to apply Group Policies for the Home version is Policy Plus.

• Policy Plus brings Group Policy to all Windows editions

It makes the same registry changes as Group Policy on the Windows Pro/Enterprise editions but requires you logoff and/or reboot for them to take effect.

3 users thanked author for this post.

SueW, jburk07, Cybertooth

Reply | Quote

I think I recall Susan Bradley saying something along the lines that: Even though programs like this will insert the edits into the Windows 10 Home registry, the operating system will sometimes just ignore some of those registry entries. Have you tested the Name Resolution Group Policy fix using this program? Just curious. (I used the UblockOrigin method below and can confirm it does the trick.)

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

1 user thanked author for this post.

rc primak

Reply | Quote

As for the assertion…

the operating system will sometimes just ignore some of those registry entries

It appears that’s only true for Group Policies intended to block “automatic” Windows updates. I know the “registry settings” made by the Group Policies that block “automatic Windows Updates” stopped working on my Aunt’s Windows Home version quite some time ago (had to switch her internet connection to “metered” to stop them!)

But I’ve applied registry settings for “other” Group Policies, and they’ve always worked as expected, and I’ve see posts here on Askwoody by various users who’ve done the same on their Windows Home versions and, so far, they all seem to still work.

Of course, unless you never apply any Windows updates, Microsoft has ultimate control over your Windows installation during the update process and can chose to ignore any settings you’ve changed/applied!

Note: I haven’t been able to apply this new one to my Aunt’s Windows Home setup yet; she’s a CPA and hasn’t been willing to allow me remote access to her PC due to her current work load. I “may” be able to test it this weekend… if another Askwoody user doesn’t beat me to it first.

BTW, attached are the appropriate registry settings to block the MOV and ZIP suffixes, taken directly from my own registry after applying the Name Resolution Policy, as well as versions that will remove the block if you decide you don’t need it.

3 users thanked author for this post.

rc primak, Steve S., geekdom

Reply | Quote

See #2563170.

Will the “DNSPolicyConfig” name in the .reg files work for all scenarios?

Reply | Quote

It’s located in the \Services\Dnscache section of the registry so, unless you have the Dnscache service (DNS Client) disabled, it should.

Just be aware, there must be a separate key {Rule GUID} for each Name Resolution Policy you want to apply and the key names are a “randomly generated” 36 character hex value.

The key for my MOV block is {54a5f496-186f-459a-8f70-35ddd056de0b}

The key for my XYZ block is {7b5ab7dd-082b-4f47-95bc-552906b3ab4a}
(note: I didn’t attach the reg file for this one)

The key for my ZIP block is {af9c213e-8011-4eb6-bac6-5e43da4bd456}

I scanned my registry and the \Services\Dnscache section was the only location using those values so you “should” be able to create your own key (as long as it follows that same format and is unique) and have it apply.

For more info about the Name Resolution Policy setting, see Microsoft’s Name Resolution Policy Table (NRPT) page.
(note: while that page indicates NRPT is for Windows Server 2012 & Windows Server 2012 R2, it also applies to the newer versions of Windows Server as well as Win10 & 11.)

2 users thanked author for this post.

rc primak, Cybertooth

Reply | Quote

The snag I ran into when trying to use this Policy Plus is that the categories it lists don’t seem to necessarily match what’s in Group Policy Editor. In this case, for instance, whereas Alex’s link says to navigate in Group Policy to “Computer Configuration” > “Windows Settings” > “Name Resolution Policy”, there is no corresponding listing in Policy Plus. Where exactly would one go in PP to make that GP change? Searching for these terms in PP turns up hundreds of results.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

All my PC’s are Win10 Pro and I never actually tried using Policy Plus, so I downloaded it and here’s what I discovered.

It shows the “Administrative Template” policies for Users or Computer but does not show the “Software Settings” or “Windows Settings” policies; which makes it useless for applying this particular policy!

As to why it doesn’t include those policy categories, only the developer could answer that question but I “suspect” they weren’t included because most users would never need them.

Unfortunately, this means Win10 & 11 Home users will need to modify their registry to apply this policy and, at this point, we don’t know if that actually works.

3 users thanked author for this post.

rc primak, Cybertooth, RetiredGeek

Reply | Quote

Based on a Reddit thread I added this to my uBlock Origin “My Filters” list:

||mov^
||zip^

Testing so far shows that it works:

uBlock Origin has prevented the following page from loading: http://test.mov/

uBlock Origin has prevented the following page from loading: http://test.zip/

11 users thanked author for this post.

unbob, rc primak, Microfix, jburk07, access-mdb, Alex5723, Cybertooth, Steve S., RetiredGeek, geekdom, gwt10

Reply | Quote

Worked perfectly! Thanks.

Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

2 users thanked author for this post.

jburk07, Cybertooth

Reply | Quote

Thanks @CBA, easy peasy
TIP: export updated uBlock settings and save as a backup for reintroduction when/ if required 🙂

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

unbob

Reply | Quote

Just another Forum Poster wrote:

gwt10 wrote:

there are certain cases where I do download zip files from some sources that I do trust, either through Firefox itself, or using programs like IDM or JDownloader. The files themselves typically end in .zip or .rar Will this group policy disable the ability to do that?

The Group Policy Rule only applies to DNS lookups (that convert the “Domain Name” into the “IP address” needed to actually make the connection) not the URL entered in your browser!

So if a particular “link” ends with a blocked “domain suffix“, it won’t be affected.

I.e., I just downloaded the “seamonkey-2.53.16.en-US.win64.zip” file from the Mozilla archives without any problems because the “domain suffix” for that site is .org not .zip.

Ok well I appreciate all that clarification, thank you.

Reply | Quote

Two problems with using UblockOrigin or other “browser” add-ins to do this:

1- It only blocks browser access; “other programs” on your PC can still connect to those domains.

2- It only works for the specific browser that has the add-in installed.

The Group Policy method works to block access by all programs installed on your system!

5 users thanked author for this post.

AlphaCharlie, rc primak, steeviebops, NaNoNyMouse, geekdom

Reply | Quote

It never hurts to do both Group Policy and uBlock Origin.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

rc primak

Reply | Quote

Not forgetting firewall in/out wildcard blocks or hostfile exclusions 😉

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

rc primak

Reply | Quote

ZIP Domains Already Used in Cunning Phishing Concepts
as ever… /facepalm

No problem can be solved from the same level of consciousness that created IT- AE

1 user thanked author for this post.

rc primak

Reply | Quote

I generated the TLD blocks using Group Policy on my Pro machines. Here’s what the equivalent Registry blocks on .zip and .mov look like on my Win8.1/10/11. Seems the “DNSPolicyConfig” name (see highlighted alpha-numeric in screenshots) is unique to the generation of each individual policy, not common to the TLDs blocked on each machine.

Win8.1 Registry settings:

Win10 Registry settings:

Win11 Registry settings:

3 users thanked author for this post.

abbodi86, rc primak, Just another Forum Poster

Reply | Quote

Many excellent ideas in this thread, but, I follow the maxim “As Much As Necessary, As Little As Possible” whenever feasible.  Plus common sense and a little prudence.

On that basis, using uBlock Origin (Firefox and Edge) to block .mov and .zip domains has the advantage that I can decide to “Proceed”, should I trust the site in question.  My thoughts…

3 users thanked author for this post.

unbob, rc primak, Alex5723

Reply | Quote

Wow! There’s a lot to absorb here, and it’s a little overwhelming, coming from another tech dummy : D

I am actually a little tech savvy but this is definitely over my head.  I think since I am the only Windows user in my home, I can avoid these nefarious TLDs (or so I hope!).  I try to use my IOS devices for any web activity and generally avoid the browser (Firefox) on my laptop.  But my husband is vulnerable and I have no way to realistically teach him to avoid these TLDs.  Just not gonna happen!!!

So all of this discussion is around Windows.  What about IOS? I use Safari and Duckduckgo. Is it vulnerable if one were to click on an infected url?  And would Lockdown stop it? thanks! Donna

Reply | Quote

My best guess is that in the very near future programs like Malwarebytes Browser Guard (free) will be coming out with at least an option to block domain names and top-level domains. Full security suites, but probably not Windows Defender, will also offer the option, I suspect. The Windows Firewall however, does offer such capabilities now, if you know how to configure it. Again, third party tweaks for dummies (my TM 🙂 ) will most likely come out soon to make the process very simple indeed. Just make sure the utilities and methods you choose come from trusted vendros or developers. Or from the folks right here at AskWoody.

-- rc primak

2 users thanked author for this post.

L95, Cybertooth

Reply | Quote

Oh and what about blocking at the router level???

Reply | Quote

If you’re using an ASUS router that will support Merlin’s firmware, then see this post about blocking at the router level: https://www.snbforums.com/threads/how-to-block-top-level-domains.79311/ . It works for me testing get.store (an existing domain). (These add-ins are a reason I’ve been using ASUS routers for 10+ years. See, e.g., diversion. I even send contributions to these guys!) -Phil

1 user thanked author for this post.

rc primak

Reply | Quote

thank you. I have a Netgear. I will check the user guide, I think I can block domains.

Reply | Quote

If you succeed, please post instructions or a link.

-- rc primak

Reply | Quote

The games have begun!

While testing my firewall changes, I found a live .zip domain. It’s, well, the forum won’t let me post anything that actually has it, so….

Replace .com in http://www.microsoft.com with the offensive TDL.

(Fingers crossed that this posts!)

Reply | Quote

I came across this list of “The 10 Most Abused Top Level Domains”

at    https://www.spamhaus.org/statistics/tlds/

so then I went to the My Filters tab in Ublock Origin and did this:

This is my first time wandering inside uBlock origin, so I will report back if I note any strange behavior.  Of course, this is on one Win 10 machine.

I wonder when we will have a simple procedure for my Chromebook and my iOS devices.

 

 

Reply | Quote

AlphaCharlie wrote:

I came across this list of “The 10 Most Abused Top Level Domains”

at https://www.spamhaus.org/statistics/tlds/

For spam:

The 10 Most Abused Top Level Domains
As of 09 June 2023 the TLDs with the worst reputations for spam operations are:

AlphaCharlie wrote:

so then I went to the My Filters tab in Ublock Origin and did this:

Can uBlock Origin block emails?

Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

Reply | Quote

I only use Firefox.  I am pretty sure that uBlock Origin is only for browsers.  I suppose it would block if one clicked a link to one of those domains that was contained in an email.

Reply | Quote

On June 3, 2023,  rc primak wrote: 

rc primak wrote:

My best guess is that in the very near future programs like Malwarebytes Browser Guard (free) will be coming out with at least an option to block domain names and top-level domains. Full security suites, but probably not Windows Defender, will also offer the option, I suspect. The Windows Firewall however, does offer such capabilities now, if you know how to configure it.

I have contacted a Malwarebytes representative by e-mail, and she said their Browser Guard does already do this blocking.  She also provided a link to an article on their website about this domain-name issue.  The link is at https://www.malwarebytes.com/blog/news/2023/05/zip-domains.  I found the article to be helpful in understanding the issue.

However, as alejr wrote on May 31, 2023, a problem with browser add-ins is that “it only blocks browser access; ‘other programs’ on your PC can still connect to these domains.”  I didn’t ask Malwarebytes about this, but I would assume that probably the same is true of their Browser Guard.  I may ask them about it at some point in a future e-mail correspondence.
 

2 users thanked author for this post.

AlphaCharlie, Cybertooth

Reply | Quote