Jump to content

PSA: Google Docs

FakeNSA
By FakeNSA
in Off Topic
 Share
Go to solution Solved by WMGroomAK,
42 minutes ago, Aelar_Nailo said:

It does actually route to a doc though. Lots of foolish business users got compromised today.....

 

2 hours ago, vetali said:
Here's what it looks like. Silly that it can actually use the name Google Docs. 

Here are the Ars Technica articles concerning this that have some information on how it was implemented...  As of 4:40 PM EDT, they had updated the article to say:

 

Quote

[Update, 4:40 pm EDT:] Google has struck hard at the worm. Not only have all the sites associated with the phish been taken offline (their domains appear to have been completely erased), but the permissions associated with the worm have been dropped from victims' accounts. Attempts to reach the domains used in the attack fail, and a whois lookup returns "No whois server is known for this kind of object."

 

https://arstechnica.com/security/2017/05/google-docs-phish-worm-grabs-your-google-app-permissions-contacts/

 

https://arstechnica.com/security/2017/05/dont-trust-oauth-why-the-google-docs-worm-was-so-convincing/

 

An article at Bleeping Computer goes into some additional details on how Google learned about the scheme and how they went about taking this Phishing Scheme down...

 

https://www.bleepingcomputer.com/news/security/it-took-google-one-hour-to-shut-down-massive-self-replicating-phishing-campaign/

 

It is always best practice though to verify as best as you can any links you get in email (or anywhere really) prior to opening them.

 

Posted

I put this here because I do not have a reputable source. If it needs to be moved, please do so.

 

It has come to my attention, through my father, a corporate IT professional, that gmail has been hacked. People from around the web are receiving emails from people they know, inviting them to edit a google doc. If you recieve one of these emails, DO NOT OPEN IT! If you do, it will immediately download the entirety of your gmail addressbook, and send a similar email to everyone on that list within two minutes. I posted this as a PSA only, and it may or may not be reported by news sources at a later date. The location and purpose of the email address gathering has not been found. It is not yet known what else this virus may do.

Thank you, and PLEASE, do not open any google docs editing invitations today.

Be safe. 

As #muricaparrotgang's founder, I invite you to join our ranks today.

"My name is Legion 'Murica Parrot Gang, for we are many."

 

(We actually welcome all forms of animated parrot gifs.)

 

The artist formerly known as Aelar_Nailo.

 

Profile Pic designed by the very lovely @Red :)!

Link to comment
https://linustechtips.com/topic/775002-psa-google-docs/
Share on other sites
Link to post
Share on other sites
Posted

This isn't gmail being "hacked," and gmail itself likely has little to nothing to do with it. It's just a common phishing scam.

"You don't need headphones, all you need is willpower!" ~MicroCenter employee

 

How to use a WiiMote and Nunchuck as your mouse!


Specs:
Graphics Card: EVGA 750 Ti SC
PSU: Corsair CS450M
RAM: A-Data XPG V1.0 (1x8GB) (Red)
Procrastinator: Intel i5 4690k @ 4.4GHz 1.3V
Case: NZXT Source 210 Elite (Black)
Speakers and Headphones: Monitor Speakers and Phlips SHP9500s
MoBo: MSI Z97 PC MATE
SSD: SanDisk Ultra II (240GB)
Monitor: LG 29UM68-P
Mouse: Mionix Naos 7000
Keyboard: Corsair K70 RGB (2016) (Browns)

Webcam/mic: Logitech C270
 

Link to comment
https://linustechtips.com/topic/775002-psa-google-docs/#findComment-9777303
Share on other sites
Link to post
Share on other sites
Posted

Here's what it looks like. Silly that it can actually use the name Google Docs. 

5800X3D / ASUS X570 Dark Hero / 64GB 3600mhz / EVGA RTX 3090ti FTW3 Ultra / Dell S3422DWG / Razer Deathstalker v2 / Razer Basilisk v3 Pro / Sennheiser HD 600

2021 Razer Blade 14 3070 / iPhone 15 Pro Max

Link to comment
https://linustechtips.com/topic/775002-psa-google-docs/#findComment-9777598
Share on other sites
Link to post
Share on other sites
Posted
  • Author
1 hour ago, vetali said:

Here's what it looks like. Silly that it can actually use the name Google Docs. 

It does actually route to a doc though. Lots of foolish business users got compromised today..... 

As #muricaparrotgang's founder, I invite you to join our ranks today.

"My name is Legion 'Murica Parrot Gang, for we are many."

 

(We actually welcome all forms of animated parrot gifs.)

 

The artist formerly known as Aelar_Nailo.

 

Profile Pic designed by the very lovely @Red :)!

Link to comment
https://linustechtips.com/topic/775002-psa-google-docs/#findComment-9778052
Share on other sites
Link to post
Share on other sites
Posted
  • Solution
42 minutes ago, Aelar_Nailo said:

It does actually route to a doc though. Lots of foolish business users got compromised today.....

 

2 hours ago, vetali said:
Here's what it looks like. Silly that it can actually use the name Google Docs. 

Here are the Ars Technica articles concerning this that have some information on how it was implemented...  As of 4:40 PM EDT, they had updated the article to say:

 

Quote

[Update, 4:40 pm EDT:] Google has struck hard at the worm. Not only have all the sites associated with the phish been taken offline (their domains appear to have been completely erased), but the permissions associated with the worm have been dropped from victims' accounts. Attempts to reach the domains used in the attack fail, and a whois lookup returns "No whois server is known for this kind of object."

 

https://arstechnica.com/security/2017/05/google-docs-phish-worm-grabs-your-google-app-permissions-contacts/

 

https://arstechnica.com/security/2017/05/dont-trust-oauth-why-the-google-docs-worm-was-so-convincing/

 

An article at Bleeping Computer goes into some additional details on how Google learned about the scheme and how they went about taking this Phishing Scheme down...

 

https://www.bleepingcomputer.com/news/security/it-took-google-one-hour-to-shut-down-massive-self-replicating-phishing-campaign/

 

It is always best practice though to verify as best as you can any links you get in email (or anywhere really) prior to opening them.

 

Link to comment
https://linustechtips.com/topic/775002-psa-google-docs/#findComment-9778237
Share on other sites
Link to post
Share on other sites
Posted
  • Author
On 5/3/2017 at 7:00 PM, WMGroomAK said:

Snip

Thank you for the information. I was wrong on part of what I said, and have pinned your post as a correction. Apologies!

Sorry for any frustration I may have caused. 

As #muricaparrotgang's founder, I invite you to join our ranks today.

"My name is Legion 'Murica Parrot Gang, for we are many."

 

(We actually welcome all forms of animated parrot gifs.)

 

The artist formerly known as Aelar_Nailo.

 

Profile Pic designed by the very lovely @Red :)!

Link to comment
https://linustechtips.com/topic/775002-psa-google-docs/#findComment-9785543
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, Aelar_Nailo said:

Thank you for the information. I was wrong on part of what I said, and have pinned your post as a correction. Apologies!

Sorry for any frustration I may have caused.

No frustration my part. :)  I've found this whole thing interesting in a case study perspective and amusing in a reaction perspective.  My office didn't even send out an informational e-mail on this until 2:00 PM PDT yesterday (well after any threat was dealt with), and even then, they labelled this as a 'Virus Warning'.xD  Follow it up with the people I know on Social Media and the local newspapers doing the same thing with posts and it is a headshaking deal.  I do find it amusing how it appears that Google became aware of this issue and how fast they responded.

Link to comment
https://linustechtips.com/topic/775002-psa-google-docs/#findComment-9785919
Share on other sites
Link to post
Share on other sites
Posted
  • Author
On 5/5/2017 at 9:23 AM, WMGroomAK said:

No frustration my part. :)  I've found this whole thing interesting in a case study perspective and amusing in a reaction perspective.  My office didn't even send out an informational e-mail on this until 2:00 PM PDT yesterday (well after any threat was dealt with), and even then, they labelled this as a 'Virus Warning'.xD  Follow it up with the people I know on Social Media and the local newspapers doing the same thing with posts and it is a headshaking deal.  I do find it amusing how it appears that Google became aware of this issue and how fast they responded.

Truly well done to google. And yes, the aftermath has been somewhat funny. 

As #muricaparrotgang's founder, I invite you to join our ranks today.

"My name is Legion 'Murica Parrot Gang, for we are many."

 

(We actually welcome all forms of animated parrot gifs.)

 

The artist formerly known as Aelar_Nailo.

 

Profile Pic designed by the very lovely @Red :)!

Link to comment
https://linustechtips.com/topic/775002-psa-google-docs/#findComment-9798255
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Off Topic

×