New Malware Leverages Google Docs

Symantec researchers recently came across a new Trojan, Backdoor.Makadocs, that uses Google Docs as a proxy server instead of contacting a command and control (C&C) server directly.

"Google Docs has a function called viewer that retrieves the resources of another URL and displays it," Symantec's Takashi Katsuki wrote in a blog post. "Basically, this functionality allows a user to view a variety of file types in the browser. In violation of Google's policies, Backdoor.Makadocs uses this function to access its C&C server."

"It's possible that the malware author used this approach in order to make it harder for network-level security products to detect the malicious traffic, since it will appear as encrypted connections -- Google Drive uses HTTPS by default -- with a generally trusted service, Katsuki said," writes Computerworld's Lucian Constantin.

"Essentially all versions of Windows are affected, from Windows 95 to Windows 7 (and Windows Server 2003 and 2008), and now Symantec says that the malware has been updated to add Windows 8 and Windows Server 2012 to the list, too," notes HotHardware's Seth Colaner.
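
For defenders, the viewer-as-proxy behaviour described above can be hunted for wherever full request URLs are visible, such as a TLS-inspecting proxy. The sketch below is an added example, not code from Symantec or the original article; the viewer endpoint (`docs.google.com/viewer` with a `url` parameter), the log layout, the host names and the allowlist are all assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumption: the viewer is reached at docs.google.com/viewer with the fetched
# resource in a "url" query parameter; the article does not give the URL format.
VIEWER_HOST = "docs.google.com"
VIEWER_PATH = "/viewer"

# Constructed sample lines from a TLS-inspecting proxy: time, client, method, URL.
SAMPLE_LOG = """\
2012-11-20T10:00:01Z 10.0.0.5 GET https://docs.google.com/viewer?url=http%3A%2F%2Fintranet.corp.example%2Fspec.pdf
2012-11-20T10:00:09Z 10.0.0.7 GET https://docs.google.com/viewer?url=http%3A%2F%2Ffiles.unknown.example%2Fq%3Fid%3D1
2012-11-20T10:05:09Z 10.0.0.7 GET https://docs.google.com/viewer?url=http%3A%2F%2Ffiles.unknown.example%2Fq%3Fid%3D2
2012-11-20T10:06:00Z 10.0.0.5 GET https://docs.google.com/document/d/abc/edit
2012-11-20T10:07:00Z 10.0.0.9 GET https://www.example.org/viewer?url=http%3A%2F%2Fother.example%2F
"""


def viewer_target_host(url):
    """Return the host the viewer was asked to fetch, or None if not a viewer request."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != VIEWER_HOST:
        return None
    if parts.path.rstrip("/") != VIEWER_PATH:
        return None
    targets = parse_qs(parts.query).get("url")  # parse_qs percent-decodes the value
    if not targets:
        return None
    return (urlsplit(targets[0]).hostname or "").lower() or None


def relayed_fetches(log_text, approved_hosts):
    """Count viewer fetches per (client, target host) for hosts not on the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, _, url = fields
        host = viewer_target_host(url)
        if host and host not in approved_hosts:
            hits[(client, host)] += 1
    return dict(hits)


if __name__ == "__main__":
    found = relayed_fetches(SAMPLE_LOG, {"intranet.corp.example"})
    for (client, host), count in found.items():
        print(f"{client} fetched {host} through the viewer {count} time(s)")
```

Repeated fetches of the same unapproved host by one client, especially at regular intervals, are the pattern worth triaging first.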
