Establishing Digital Trust: Don't Sacrifice Security for Convenience
"Google Docs has a function called viewer that retrieves the resources of another URL and displays it," Symantec's Takashi Katsuki wrote in a blog post. "Basically, this functionality allows a user to view a variety of file types in the browser. In violation of Google's policies, Backdoor.Makadocs uses this function to access its C&C server."
"It's possible that the malware author used this approach in order to make it harder for network-level security products to detect the malicious traffic, since it will appear as encrypted connections -- Google Drive uses HTTPS by default -- with a generally trusted service, Katsuki said," writes Computerworld's Lucian Constantin.
"Essentially all versions of Windows are affected, from Windows 95 to Windows 7 (and Windows Server 2003 and 2008), and now Symantec says that the malware has been updated to add Windows 8 and Windows Server 2012 to the list, too," notes HotHardware's Seth Colaner.