ADVERTISEMENT
Filtered By: Scitech
SciTech

New malware targets Windows 8 via Google Docs


+
Add GMA on Google
Make this your preferred source to get more updates from this publisher on Google.
Users of devices running Microsoft's Windows operating system, including its recently released Windows 8, may have to be on guard for this sneaky new backdoor Trojan.
 
Security vendor Symantec said "Backdoor.Makadocs" gets commands from a remote server and steals information from an infected computer but uses Google Docs as a proxy.
 
"The latest version of Makadocs does not connect to a C&C (command and control) server directly, rather, it uses Google docs as a proxy server," it said in a blog post.
 
It said it has confirmed that Backdoor.Makadocs arrives as a Rich Text Format (RTF) or Microsoft Word document.
 
Once opened, the malware exploits the "viewer" function in Google Docs, Google's cloud-based productivity suite, to use Google Docs as a proxy.
 
Symantec said Google Docs' "Viewer" allows a user to view a variety of file types in the browser.
 
The connection to the Google Docs server is encrypted using HTTPS, making it difficult to be blocked locally, though Symantec said Google can prevent this connection with a firewall.
 
"In violation of Google's policies, Backdoor.Makadocs uses this function to access its C&C server. It is possible that the malware author has implemented this functionality in an attempt to prevent the direct connection to the C&C from being discovered," Symantec said.
 
Social engineering
 
Symantec said that while the document does not exploit any known software bug, it uses social engineering tactics.
 
"It attempts to pique the user’s interest with the title and content of the document and trick them into clicking on it and executing it. The following code extract leads us to believe that the malware primarily targets people living in Brazil," it said.
 
Also, it noted the RTF and Microsoft Word files are detected by its anti-malware products as Trojan.Dropper.
 
Google Docs' popularity
 
A separate article on The Next Web said the threat may grow as Google Docs becomes more popular, and businesses continue to accept it and allow the service through their firewalls.
 
Meanwhile, The Next Web said Google is investigating the matter.
 
“Using any Google product to conduct this kind of activity is a violation of our product policies. We investigate and take action when we become aware of abuse,” it quoted a Google spokesperson as saying in a statement. — TJD, GMA News
Tags: microsoft, microsoftwindows, google, googledocs, internet
Most Popular