Security firm should admit it screwed up labeling .zip the shadiest top level domain.
It’s been a while since I’ve handed out a prestigious Domain Dunce award, but this week’s “Shady TLDs” report from security firm Blue Coat is very deserving.
Both Michael Berkens and Kevin Murphy covered the original report, which labeled .Zip the shadiest top level domain with 100% shady sites.
There’s just one problem: .Zip is an unreleased top level domain name from Google. There’s only one second level .zip domain in existence, and that’s nic.zip.
Someone at Blue Coat clearly didn’t do their homework. But what really qualifies Blue Coat for a Domain Dunce nomination is its response to the screwup.
Instead of admitting that it screwed up (and someone is certainly taking some heat inside the company for not noticing this), the company is saying that it’s just a methodology issue.
As it turns out, its data shows that strings ending in .zip are trying to ping the web. This is not surprising given the .zip extension for zip files. Blue Coat explains in a blog post:
… .zip URLs are showing up in our traffic logs, among the billion or so anonymized Web requests that our customers send us every day to be categorized in our WebPulse system. Generally, if you look closer, most of these appear to be filenames, not URLs – but they somehow ended up in somebody’s browser somewhere as a URL, and got treated accordingly. (For example, many of the requests are for [whatever].zip/favicon.ico URLs.)
…So, when one of those URLs shows up out on the public Internet, as a real Web request, we in turn treat it as a URL. Funny-looking URLs that don’t resolve tend to get treated as Suspicious — after all, we don’t see any counter-balancing legitimate traffic there.
Err, so you’re telling me .zip was the only non-active TLD that showed up in this data? I doubt that, given the name collision issue the industry wrestled with last year.
Let’s be honest about what likely happened. Someone saw .Zip was a delegated TLD, didn’t dig into the data, and put it as the shadiest TLD. If .zip hadn’t shown up on a TLD list, or had the company realized it wasn’t released yet, it wouldn’t have been in the report. Realizing its mistake, the company is suggesting it knew this all along.
Congratulations, Blue Coat. You’re our latest Domain Dunce winner.
A Strong says
The new TLD .doc extension will probably be shady too.
Why on earth did ICANN allow popular file extensions (and one used to send malware etc.) to become a new TLD?
Jason Drake says
Because money.
Kevin Murphy says
Technically, it was a methodology problem. The sample data used by Blue Coat were of undisclosed size and kinda self-selecting, leading to statistically irrelevant conclusions. The .zip face-palm moment was just the most egregious example produced.
michael berkens says
They were no doubt looking at .zip files that are sent via email and if anyone is stupid enough to open one except from someone you know well you deserve the virus you’re going to get.
On the other hand beyond identifying these extensions as dangerous, Bluecoat advised everyone to block anything from any of these extensions which IMHO leaves them open to a lawsuit from Google.
Anil Kumar says
Remember the old CP/M, MS-DOS files with the .com extensions? If that format existed now, they would have advised everyone to block all .com sites!
ElephantMemory says
Anil, well remembered. I’ve just typed (under cmd) dir c:\windows\system32\*.com and guess what .. format.com; tree.com … great names 🙂
ElephantMemory says
ps: under win 10