New Windows malware to exploit Google Docs

by CXOtoday News Desk    Nov 26, 2012

A new type of malware is said to be targeting the new Microsoft Windows 8 OS and Windows Server 2012, said security firm Symantec in a recent report. The malware, identified as Backdoor.Makadocs, is said to exploit a vulnerability in the Google Docs program called “Viewer” to carry out its attacks on unsuspecting users in the enterprise.

According to the report, the Trojan arrives as a Rich Text Format (RTF) or Microsoft Word document and relies on social engineering tactics to engage a user’s interest in the file; when a user opens it, the payload is delivered. In this case, the Trojan's authors are using Google Docs as a proxy server to get around firewalls and connect to a C&C server, instead of attempting to connect directly.

The Trojan, in violation of Google’s policies, uses the Google Docs function to reach its command-and-control system. The connection to the Google Docs server is encrypted with HTTPS, which makes it difficult to block locally.

Symantec researchers believe it is not surprising that these operating systems are key targets, because they have been released recently and are being widely used. However, cyber criminals are also seizing upon this opportunity to act quickly on the previous versions, from Windows 95 to Windows 7 (and Windows Server 2003 and 2008).

Even though this advanced form of malware has been identified in Brazil, the security firm believes that the cyber criminals may extend their attacks to other geographies as well. To avoid infection with the new malware, Symantec has recommended that enterprises and end users apply the most recent security patches to their computers and keep their anti-virus definitions updated.

It is also important that users do not download files from unsolicited emails or unknown sources and do not click suspicious hyperlinks that arrive via email or social networks.