This can be considered as the best example of how a useful feature of a cloud storage application can be used nefariously to deliver viruses and malicious redirects. It was recently found that Google Drive was being used as a medium to insert a malicious redirects. This brings serious security breaching as these malicious redirects infect the legitimate websites. Not only that, it also redirects the traffic coming to these websites to the drive-by download landing pages.
With Google Drive, users can upload a directory that contains static web files like HTML, CSS, and JavaScript and publish their own website with Google Drive’s built-in feature of site publishing.
However, this useful feature is now being used to upload malicious scripts. These scripts are used to attack the legitimate websites and then infect them. The major problem with these malicious scripts is they cannot be detected using conventional IDS or Intrusion Detection Systems. This is because Google Drive uses HTTPS and hence the traffic packets come encrypted.
How Malicious redirect in Google drive works
The survey carried out to detect these activities describes the process of inserting the malicious redirect in Google Drive. When such compromised websites are browsed, the virus makes a silent call to Google Drive that retrieves the cryptic JavaScript. From this point onwards, the code snippet loads the “.tk” TDS which is mostly associated with phishing and malware attacks. This code snippet redirects the user to an exploit page.
However, there’s one thing to take a note of. You cannot really blame Google for the malicious redirect in Google Drive because of some flaw in the application. Also, it is not fair to expect that Google would do something for these malicious activities, other than blocking these accounts. This is because the malicious activities can be done from any other web host. However, this virus can be very dangerous to the system, and hence users should take proper steps to remove the virus of malicious redirect in Google Drive.