Malware Vector Question: Infect a Computer via Google Drive?

Discussion in 'Application Software' started by Gao_Zhisheng, Aug 6, 2015.

  1. Gao_Zhisheng

    Gao_Zhisheng MDL Novice

    Aug 6, 2015
    Okay so first I'm posting here because of the three threads that had the word "infection" in the title from the search I did, two of them were posted in the Win7 sub-forum, and I happen to be using Win7 right now, so that's why I posted it here. Also the topic of the forum may not include Security issues, so if it gets closed etc... I'll understand. Please move or close as appropriate.

    I'm asking the question here because I suspect the people here know more about the "nuts and bolts" of the Operating System(s), compared to the malware removal people you might find on places like Bleeping Computer, that know how to remove malware (by rote), but don't understand the "Big Picture" of malware and how it can get onboard a computer.

    I did a minimal amount of research on connecting "malware" with "google drive" and found some connection but the devil is in the detail and I don't have enough understanding of the technical aspects to answer my own questions, so I'm posting it here.

    I recently made a FOIA (Freedom of Information Act Request) from a (US) government agency and the response was to send me an email with a link to some Google Drive. It appears that, in order to access the information, I have to have some kind of feature of Google Drive installed.

    The reason for the FOIA is, in part, because I suspect criminal activity on the part of some of the people within government, and I'm looking for evidence and connections between the government agency and the criminal activity, so when, instead of getting a basic excel, text, word, etc... document, or even a pdf, I get a link to a Google Drive account that has a bazillion characters in the URL (like what I see sometimes when up & downloading to "Mega"). I have no idea whose Google Drive account this is, what will happen when I install Google Drive and then access this document. Will it infect my computer? Give my IP? Give my MAC? Install a RAT? etc...

    The idea that a government agency would require a person to have Google Drive installed in order to receive information from a FOIA seems a bit "off" to me. Attaching a standalone file to an email is standard. I can then scan the document before opening it. Making a person install an oddball software like Google Drive, then open your computer to the risk of infection seems suspicious to me. I'd make an issue about it, but do not want to tip the hand of the person sending the document. I'm ready to go to the FBI, but need to know whether or not it's even possible to do something like this via Google Drive 1st. So, primary question, can a computer be infected by attempting to access, download or open a document via Google Drive, and how likely is it that a government agency would use this method of disseminating information via FOIA requests, given that the whole purpose of the act is to force the government to give information to whoever asks for it. One argument could be made that this is like trying to pay a $1,000 tax bill with pennies. It just feels "off" to me, and I'm wondering if my suspicions have any validity.
     
  2. Gao_Zhisheng

    Gao_Zhisheng MDL Novice

    Aug 6, 2015

    Thanks a bunch. I've read Wilders off & on but they seemed too intimidating. Too smart. Scary smart. But this is a heavy-duty issue, so I have a registration pending there. Apparently Admins do manual approval for new members.

    But while there I did a brief search and found this:

    darkreading.cxoxmx/cloud/man-in-the-cloud-owns-your-dropbox-google-drive----sans-malware-/d/d-id/1321501

    (you'll have to reconstruct the link due to the fact that I can't post links)

    And it turns out not only were my instincts and "Spidey-sense" spot on, this article was just published today, so it seems the exploit is only newly discovered.