Topic: google docs safe or problematic

5wswhat

  • Guest
google docs safe or problematic
« on: February 15, 2013, 09:21:47 PM »
Hi forum-members,

I have two questions, one about google docs and one which concerns the sucuri site check website. I recently checked a google doc file on the sucuri site check website and was surprised that the url was declared as being blacklisted. So, I asked myself two questions.

Firstly, why is every site starting with hxxps://docs.google.com/document/d/... blacklisted by sucuri site check (tried various URLs)?

I also checked Zulu Zscaler, which mentions several (minor?) risks too.
In the category « URL checks », two issues were highlighted :
- Suspicious Sub Domain : docs. has suspicious character score 2
- Suspicious Domain Name : google has suspicious character score 1.33
In the last category « HOST checks », it says : « The IP address has been identified as risky by one/more sources » (apparently the biggest issue). So the URLs get final scores around 30/100 (still considered as benign).
So in summary, why do these URLs only get a mediocre score?

Secondly, what does blacklisted on the sucuri site check website stand for? I thought when a URL is blacklisted, it will be taken off the net. Or is the blacklisting by sucuri without consequence?

Kind regards,
Gilles
« Last Edit: February 15, 2013, 09:36:54 PM by 5wswhat »

Pondus

Re: google docs safe or problematic
« Reply #1 on: February 15, 2013, 09:43:36 PM »
Quote
Secondly, what does blacklisted on the sucuri site check website stand for?
was there a details button to click?

Quote
I thought when an URL is blacklisted, it will be taken off the net.
let's say the website is on a server in Colombia.... and the owner is Pablo Escobar
how/who do you ask to take it off the net.  ;)

or if someone hacks your website and infects it....should it then be taken down, you have not done anything wrong!
« Last Edit: February 15, 2013, 09:47:45 PM by Pondus »

Asyn

Re: google docs safe or problematic
« Reply #2 on: February 15, 2013, 09:54:01 PM »
Quote
let's say the website is on a server in Colombia.... and the owner is Pablo Escobar
how/who do you ask to take it off the net.  ;)

;D

5wswhat

  • Guest
Re: google docs safe or problematic
« Reply #3 on: February 15, 2013, 10:37:25 PM »
Hey Pondus,

when I click on the "reference" button, I got the following message :

Details for the domain docs.google.com
- Site blacklisted for being used to distribute malware.
- Site not being used in spam campaigns (forum/comment/seo).
- Our latest scan identified some issues on this site. You can do a real time scan here for more details: hxxp://sitecheck.sucuri.net.

I thought there would be some sort of collaboration between Pablo ehhh google and sucuri. So, according to you even google won't be able to take websites off the net ? A temporary removal wouldn't be so aberrant to prevent spreading.

Pondus

Re: google docs safe or problematic
« Reply #4 on: February 15, 2013, 11:44:34 PM »
putting it on a block list is one thing, but to take it down I guess you need lawyers and police....and if in another country.....local police and.....

http://www.zdnet.com/dutch-police-take-down-bredolab-botnet-3040090649/

http://searchsecurity.techtarget.com/news/2240110651/FBI-takes-down-DNS-Charger-botnet-aided-14-million-click-fraud-scheme

polonus

Re: google docs safe or problematic
« Reply #5 on: February 16, 2013, 12:39:04 AM »
Google docs is insecure insofar as by abuse it may function as a proxy for malware C&C access *
Here we hear about the malware that sucuri flags: http://labs.sucuri.net/?details=docs.google.com
Reporting such an attack here: http://www.linuxforums.org/forum/security/154486-have-i-been-attacked-javascript.html
see: http://tecknick.hpage.co.in/google_51406150.html
And this is the proxy abuse: http://www.pcworld.com/article/2015169/malware-uses-google-docs-as-proxy-to-command-and-control-server.html
see: http://www.symantec.com/connect/blogs/malware-targeting-windows-8-uses-google-docs (link article author = Takashi Katsuki)
* Quote from this article
Quote
Google docs has a function called viewer that retrieves the resources of another URL and displays it. Basically, this functionality allows a user to view a variety of file types in the browser. In violation of Google's policies, Backdoor.Makadocs uses this function to access its C&C server. It is possible that the malware author has implemented this functionality in an attempt to prevent the direct connection to the C&C from being discovered. The connection to the Google docs server is encrypted using HTTPS, thereby making it difficult to be blocked locally. It is possible for Google to prevent this connection by using a firewall.
-> http://www.offensivecomputing.net/?q=node/532 (link source antivirustaneja)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
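
Added example, not part of the thread or of any poster's code: a detection sketch for the viewer-as-proxy behaviour quoted in reply #5, run over logs from a TLS-inspecting web proxy (without inspection the HTTPS request URL is not visible). The `/viewer` and `/gview` paths with a `url` parameter, the log layout, the allowlist and all hosts and addresses are assumptions or constructed samples.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

VIEWER_HOST = "docs.google.com"
VIEWER_PATHS = {"/viewer", "/gview"}        # assumed viewer endpoints
ALLOWED_TARGETS = {"intranet.example.com"}  # hypothetical hosts users legitimately preview


def relayed_target(request_url):
    """Return the host the viewer was asked to fetch, or None for any other request."""
    try:
        parts = urlsplit(request_url)
        if parts.hostname != VIEWER_HOST or parts.path not in VIEWER_PATHS:
            return None
        values = parse_qs(parts.query).get("url")  # parse_qs percent-decodes the value
        if not values:
            return None
        target = values[0]
        if "://" not in target:                    # scheme-less target such as "198.51.100.7/x"
            target = "//" + target
        return urlsplit(target).hostname or None
    except ValueError:                             # malformed URL in the log line
        return None


def suspicious_relays(log_lines, min_hits=3):
    """Count viewer fetches per (client, relayed host); keep repeated, non-allowlisted ones."""
    hits = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:                        # assumed layout: time client method url
            continue
        host = relayed_target(fields[3])
        if host and host not in ALLOWED_TARGETS:
            hits[(fields[1], host)] += 1
    return sorted((c, h, n) for (c, h), n in hits.items() if n >= min_hits)


# Constructed sample log lines (not real traffic).
_V = "https://docs.google.com/viewer?url="
SAMPLE_LOG = [
    f"2013-02-15T21:0{i}:00Z 10.0.0.23 GET {_V}http%3A%2F%2Fc2.example.net%2Fgate.php%3Fid%3D{i}"
    for i in range(3)
] + [
    f"2013-02-15T21:05:00Z 10.0.0.40 GET {_V}https%3A%2F%2Fintranet.example.com%2Freport.pdf",
    "2013-02-15T21:06:00Z 10.0.0.41 GET https://docs.google.com/document/d/abc123/edit",
    f"2013-02-15T21:07:00Z 10.0.0.42 GET {_V}http%3A%2F%2Fother.example.org%2Fa.pdf",
]

if __name__ == "__main__":
    for client, host, count in suspicious_relays(SAMPLE_LOG):
        print(f"{client} relayed {count} requests to {host} via the viewer")
```

Ordinary document URLs under `/document/d/` never match, so a rule like this targets only the relay function rather than all of docs.google.com.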