google docs safe or problematic

Hi forum-members,

I have two questions, one about google docs and one which concerns the sucuri site check website. I recently checked a google doc file on the sucuri site check website and was surprised that the URL was declared as being blacklisted. So, I asked myself two questions.

Firstly, why is every site starting with hxxps://docs.google.com/document/d/… blacklisted by sucuri site check (tried various URLs)?

I also checked Zulu Zscaler, which mentions several (minor?) risks too.
In the category « URL checks », two issues were highlighted:

  • Suspicious Sub Domain : docs. has suspicious character score 2
  • Suspicious Domain Name : google has suspicious character score 1.33

In the last category « HOST checks », it says: « The IP address has been identified as risky by one/more sources » (apparently the biggest issue). So the URLs get final scores around 30/100 (still considered as benign).
So in summary, why do these URLs only get a mediocre score?

Secondly, what does blacklisted on the sucuri site check website stand for? I thought when a URL is blacklisted, it will be taken off the net. Or is the blacklisting by sucuri without consequence?

Kind regards,
Gilles

Secondly, what does blacklisted on the sucuri site check website stand for?
Was there a details button to click?
I thought when a URL is blacklisted, it will be taken off the net.
Let's say the website is on a server in Colombia... and the owner is Pablo Escobar, how/who do you ask to take it off the net? ;)

Or if someone hacks your website and infects it… should it then be taken down? You have not done anything wrong!

;D

Hey Pondus,

When I clicked on the “reference” button, I got the following message:

Details for the domain docs.google.com

  • Site blacklisted for being used to distribute malware.
  • Site not being used in spam campaigns (forum/comment/seo).
  • Our latest scan identified some issues on this site. You can do a real time scan here for more details: hxxp://sitecheck.sucuri.net.

I thought there would be some sort of collaboration between Pablo ehhh google and sucuri. So, according to you even google won’t be able to take websites off the net? A temporary removal wouldn’t be so aberrant to prevent spreading.

Putting it on a block list is one thing, but to take it down I guess you need lawyers and police… and if in another country… local police and…

http://www.zdnet.com/dutch-police-take-down-bredolab-botnet-3040090649/

http://searchsecurity.techtarget.com/news/2240110651/FBI-takes-down-DNS-Charger-botnet-aided-14-million-click-fraud-scheme

Google docs is insecure insofar as by abuse it may function as a proxy for malware C&C access *
Here we hear about the malware that sucuri flags: http://labs.sucuri.net/?details=docs.google.com
Reporting such an attack here: http://www.linuxforums.org/forum/security/154486-have-i-been-attacked-javascript.html
see: http://tecknick.hpage.co.in/google_51406150.html
And this is the proxy abuse: http://www.pcworld.com/article/2015169/malware-uses-google-docs-as-proxy-to-command-and-control-server.html
see: http://www.symantec.com/connect/blogs/malware-targeting-windows-8-uses-google-docs (link article author = Takashi Katsuki)

  • Quote from this article
    Google docs has a function called viewer that retrieves the resources of another URL and displays it. Basically, this functionality allows a user to view a variety of file types in the browser. In violation of Google’s policies, Backdoor.Makadocs uses this function to access its C&C server. It is possible that the malware author has implemented this functionality in an attempt to prevent the direct connection to the C&C from being discovered. The connection to the Google docs server is encrypted using HTTPS, thereby making it difficult to be blocked locally. It is possible for Google to prevent this connection by using a firewall.
    http://www.offensivecomputing.net/?q=node/532 (link source antivirustaneja)

polonus
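
The proxy abuse quoted above can be hunted for on a network that already decrypts HTTPS at its proxy. The following is an added example, not part of the original thread or of any vendor's tooling: it scans proxy log lines for clients that repeatedly ask the viewer to fetch something that is not a document. The log format, the sample lines, the `/viewer?url=` request shape, the extension list and the hit threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines from a TLS-inspecting proxy (hypothetical format):
#   timestamp client_ip "user-agent" url
SAMPLE_LOG = """\
2012-11-20T10:00:01Z 10.0.0.5 "Mozilla/5.0 Firefox/16.0" https://docs.google.com/document/d/EXAMPLE_ID/edit
2012-11-20T10:00:07Z 10.0.0.5 "Mozilla/5.0 Firefox/16.0" https://docs.google.com/viewer?url=http%3A%2F%2Fintranet.example.com%2Freport.pdf
2012-11-20T10:01:00Z 10.0.0.9 "Mozilla/4.0" https://docs.google.com/viewer?url=http%3A%2F%2Fc2.example.net%2Fstatus.php%3Fid%3D1
2012-11-20T10:02:00Z 10.0.0.9 "Mozilla/4.0" https://docs.google.com/viewer?url=http%3A%2F%2Fc2.example.net%2Fstatus.php%3Fid%3D2
2012-11-20T10:03:00Z 10.0.0.9 "Mozilla/4.0" https://docs.google.com/viewer?url=http%3A%2F%2Fc2.example.net%2Fstatus.php%3Fid%3D3
"""

VIEWER_HOST, VIEWER_PATH = "docs.google.com", "/viewer"   # assumed request shape
# Assumed heuristic: file types a document viewer is normally asked to render.
DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".ppt", ".pptx", ".xls", ".xlsx", ".tif")


def viewer_target(url):
    """Return the URL the viewer was asked to fetch, or None if not a viewer request."""
    parts = urlsplit(url)
    if parts.hostname != VIEWER_HOST or parts.path != VIEWER_PATH:
        return None
    # parse_qs percent-decodes the value; a viewer request without url= yields None.
    return parse_qs(parts.query).get("url", [None])[0]


def find_suspects(log_text, min_hits=3):
    """Map client IP -> fetched hosts for clients with repeated non-document fetches."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        head, _agent, url = line.split('"')        # exactly one quoted field per line
        client = head.split()[1]
        target = viewer_target(url.strip())
        if target is None:
            continue
        fetched = urlsplit(target)
        if not fetched.path.lower().endswith(DOC_EXTENSIONS):
            hits[client].append(fetched.hostname)  # viewer used on a non-document
    return {c: sorted(set(h)) for c, h in hits.items() if len(h) >= min_hits}


if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

Without TLS inspection the proxy sees only the connection to docs.google.com, which is the difficulty the quoted article points out.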