Infection from google/docs question

Strange emails with Google.docs links to pharma storeQuestion:
GOOGLE DOCSQuestion:
I received an email with a DOCS.GOOGLE.COM..... link in it.  See partial URL below.
Don't worry. I deleted the last characters of the URL on both sides.
ttp://docs.google.com/View?id=dkdg3hd__________ I deleted the rest of the address

As soon as I clicked it a swarm of email shot out from my hotmail account with a pharma web page link.
1.  How did this happen?
2.  Isn't my Norton supposed to protect me?
3.  What programming language is in that google docs  link?
4.  Does GOOGLE.DOCS have any useful purpose besides pharama ads?
5.  What setting do I need to change in my IE8 to ensure that this doesn't happen again?

If there are web links that answer the above questions then please supply them to me.  This is NOT the first time I stupidly clicked on an email link.
brothertruffle880Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jahboiteCommented:
I'd like to help, but it's impossible to say with any accuracy what happened.  How do you feel about providing everything in the url after id=
That way, I can visit the link myself and get a much better idea what happened.  If you don't want to do that, head over to jahboite.co.uk and email the link to me.
0
brothertruffle880Author Commented:
jahboite thanks!
Okay.  Here's the link.  I was reluctant to post it because I didn't want anyone else to be possibly infected.

http://docs.google.com/View?id=df9vs3v3_0gszgwsgn 
For some reason, when I clicked the link, addresses were extracted from my hotmail account and were sent the same link!
 
0
jahboiteCommented:
Ah well, the google doc has gone.  It's possible of course that the text you saw was the google doc, but the actual link was something different (and for some malicious page) - is that possible?

If it was definitely a google doc then maybe someone has found a way to embed html code into the document which invokes the javascript engine of your browser.  That code would then have had to exploit a cross site request forgery vulnerability (CSRF - you visit somesite.com where a page tricks your browser into performing actions on your behalf at vulnerable.com because vulnerable.com does not provide protection against forged requests).

These things are possible and I'll be interested to know if someone has discovered CSRF vulnerability in hotmail...

Norton, and any similar product, can only protect you against threats it knows about (or can detect with its heuristics).

Google Docs does indeed have uses besides spamvertising - it's a web based office suite with word processing, spreadsheets and so on.

My advice with internet explorer would be to use firefox instead.  Firefox in combination with the NoScript add-on (and a few simple tweaks) provides powerful protection against known and unknown attacks.  It manages this by preventing client-side code (e.g. javascript, flash) from executing in your browser when you visit websites - it also blocks the embedding of iframes in pages.
You then add sites that you trust to a whitelist (with a simple right-click of your mouse) and your browser will only execute code from those sites.
What this means is that on a daily basis you will encounter sites where they expect you to execute their client-side code and you have to make a decision about whether you trust the site enough not to serve malicious code.  You can either add the site to a temporary whitelist which is cleared when you close firefox or a more permanent one.
All of this is possible with IE8, but it's very much a manual process.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
brothertruffle880Author Commented:
Thanks for an excellent explanation!
Regards!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.