• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 873
  • Last Modified:

Infection from google/docs question

Strange emails with Google.docs links to pharma storeQuestion:
I received an email with a DOCS.GOOGLE.COM..... link in it.  See partial URL below.
Don't worry. I deleted the last characters of the URL on both sides.
ttp://docs.google.com/View?id=dkdg3hd__________ I deleted the rest of the address

As soon as I clicked it a swarm of email shot out from my hotmail account with a pharma web page link.
1.  How did this happen?
2.  Isn't my Norton supposed to protect me?
3.  What programming language is in that google docs  link?
4.  Does GOOGLE.DOCS have any useful purpose besides pharama ads?
5.  What setting do I need to change in my IE8 to ensure that this doesn't happen again?

If there are web links that answer the above questions then please supply them to me.  This is NOT the first time I stupidly clicked on an email link.
  • 2
  • 2
1 Solution
I'd like to help, but it's impossible to say with any accuracy what happened.  How do you feel about providing everything in the url after id=
That way, I can visit the link myself and get a much better idea what happened.  If you don't want to do that, head over to jahboite.co.uk and email the link to me.
brothertruffle880Author Commented:
jahboite thanks!
Okay.  Here's the link.  I was reluctant to post it because I didn't want anyone else to be possibly infected.

For some reason, when I clicked the link, addresses were extracted from my hotmail account and were sent the same link!
Ah well, the google doc has gone.  It's possible of course that the text you saw was the google doc, but the actual link was something different (and for some malicious page) - is that possible?

If it was definitely a google doc then maybe someone has found a way to embed html code into the document which invokes the javascript engine of your browser.  That code would then have had to exploit a cross site request forgery vulnerability (CSRF - you visit somesite.com where a page tricks your browser into performing actions on your behalf at vulnerable.com because vulnerable.com does not provide protection against forged requests).

These things are possible and I'll be interested to know if someone has discovered CSRF vulnerability in hotmail...

Norton, and any similar product, can only protect you against threats it knows about (or can detect with its heuristics).

Google Docs does indeed have uses besides spamvertising - it's a web based office suite with word processing, spreadsheets and so on.

My advice with internet explorer would be to use firefox instead.  Firefox in combination with the NoScript add-on (and a few simple tweaks) provides powerful protection against known and unknown attacks.  It manages this by preventing client-side code (e.g. javascript, flash) from executing in your browser when you visit websites - it also blocks the embedding of iframes in pages.
You then add sites that you trust to a whitelist (with a simple right-click of your mouse) and your browser will only execute code from those sites.
What this means is that on a daily basis you will encounter sites where they expect you to execute their client-side code and you have to make a decision about whether you trust the site enough not to serve malicious code.  You can either add the site to a temporary whitelist which is cleared when you close firefox or a more permanent one.
All of this is possible with IE8, but it's very much a manual process.
brothertruffle880Author Commented:
Thanks for an excellent explanation!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now