> Are there examples where attackers gain a big advantage by having a downloaded file come from a trusted URL?
Some operating systems, like Mac OS X, will tag downloaded files with the domain they were downloaded from. A prompt asking the user whether they want to download a file that "was downloaded from google.com" will sound much more convincing than one with an unrecognizable domain name.
I think you greatly overestimate the degree to which non-technical people understand domain names and TLDs. There are a lot of people who think "www." goes on the front of their email address.
Yeah, but to avoid detection, botnets register random character domain names that are not going to appear legitimate, so this would be a nice tool in their arsenal.
Some operating systems, like Mac OS X, will tag downloaded files with the domain they were downloaded from. A prompt asking the user whether they want to download a file that "was downloaded from google.com" will sound much more convincing than one with an unrecognizable domain name.