Security researchers from antivirus vendor
Symantec have uncovered a piece of malware that uses Google Docs, which
is now part of Google Drive, as a bridge when communicating with
attackers in order to hide the malicious traffic.
The malware -- a new version from the Backdoor.Makadocs family -- uses the Google Drive "Viewer" feature as a proxy for receiving instructions from the real command and control server. The Google Drive Viewer was designed to allow displaying a variety of file types from remote URLs directly in Google Docs.
Backdoor.Makadocs is distributed with the help of Rich Text Format (RTF) or Microsoft Word (DOC) documents, but does not exploit any vulnerability to install its malicious components, Katsuki said. "It attempts to pique the user's interest with the title and content of the document and trick them into clicking on it and executing it.
The malware -- a new version from the Backdoor.Makadocs family -- uses the Google Drive "Viewer" feature as a proxy for receiving instructions from the real command and control server. The Google Drive Viewer was designed to allow displaying a variety of file types from remote URLs directly in Google Docs.
Backdoor.Makadocs is distributed with the help of Rich Text Format (RTF) or Microsoft Word (DOC) documents, but does not exploit any vulnerability to install its malicious components, Katsuki said. "It attempts to pique the user's interest with the title and content of the document and trick them into clicking on it and executing it.
Post a Comment
I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know. Be sure to check back again , after moderation i do make every effort to reply to your comments .