10702174675?profile=RESIZE_400xGoogle Search and Drive are erroneously flagging links to Association for Computing Machinery (ACM) research papers and websites as ‘malware.’  This 'issue' was first reported by a German researcher.  Founded in 1947 and located in New York City US as a non-profit, ACM is the world's largest scientific and educational computing society.  As of 2019, ACM's membership comprises nearly 100,000 students and professionals involved in the field of computing.10704461667?profile=RESIZE_400x

Its research paper allegedly "violates" Google Drive policies, as reported by a German based PhD researcher of the Planck Society, who was frustrated on seeing one of his Google Docs files restricted by Google.   The file contained links to ACM research papers, but "violates" Google's Terms of Service as per a screenshot shared by the researcher.

And, apparently it is not just Google Drive. Google Search is acting quirky too, Golla points out.  Researchers confirmed Google Search results for the ACM website, ACM Digital Library research papers, and contact pages are also treating links to ACM domains as malicious.

10703562257?profile=RESIZE_400xFigure 1. (left) Google search results flag ACM sites as malicious (BleepingComputer) 10704214258?profile=RESIZE_400x

This issue is essentially blocking any and all traffic to ACM domains from Google Search results.  ACM visitors will instead have to manually copy-paste the intended link in their web browser's address bar:10703889700?profile=RESIZE_400x

 

 

Figure 2 (right). Google search results to ACM site blocked by an interstitial (BleepingComputer)

These warnings are typically shown by Google to visitors who may inadvertently be navigating to compromised sites or domains hosting adware, MageCart scripts, or other types of malware.  Thus far, there is no indication that ACM's domains are compromised or serving malware.  BleepingComputer has reached out to ACM to ensure that is indeed the case.  "For detailed information about the problems that we found, visit Google's Safe Browsing diagnostic page for this site," advises Google's warning message.  But analysts observed the "diagnostic page" indicated that ACM's website was safe:

10702756290?profile=RESIZE_400xFigure 3. (right) Google's SafeBrowsing Diagnostic page states ACM is safe (BleepingComputer)

Third time's a charm !  Although the blocking of ACM links across Google Search and Drive seems unpredictable, this is not the first time Google Drive has inaccurately flagged materials for being in violation of its Terms of Service when there is not any.

In January of this year, Google Drive was seen restricting nearly empty files for 'copyright infringement.'  These files contained no data other than some numbers or a single digit, such as '1'.  Google Drive documents that contain phishing links, even for personal research purposes have, on occasion, also been automatically marked to be in violation of terms and had their sharing features restricted.

Analysts from BleepingComputer reached out to Google prior to publishing its report to understand what is causing the issue with ACM domains.  While Google did not immediately disclose the cause of the problem, by last week, ACM purportedly made changes to its website resolving the issue:  "With ACM taking down the portion of their site that triggered our malware distribution warnings, this has now been resolved," a Google spokesperson reported.  BleepingComputer has still not heard back from ACM.  All very strange.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com    

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www. redskyalliance. org/
  • Website: https://www. wapacklabs. com/
  • LinkedIn: https://www. linkedin. com/company/64265941 

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance