Wednesday, November 21, 2012

Backdoor Trojan Uses Google Docs to Connect to C&C Servers

Using Google Docs for evil purposes is nothing new.

Cybercriminals have already found that the ability to host online forms using Google Docs can prove quite useful when launching phishing attacks.

Now it seems that they’ve discovered that there’s more value in Google Docs, and have begun using it as a proxy server to pass information between command & control servers and machines infected with the latest variant of Backdoor.Makadocs.

As explained on the Symantec security blog, this is all made possible thanks to a Google Docs feature called viewer, which retrieves the resources at another URL and displays them.

Of course, Backdoor.Makadocs’s use of Google Docs' viewer feature is a violation of Google’s policies, but it’s highly doubtful that cybercriminals care. They’re likely more interested in the benefits, which include hiding command & control server communications and the fact that the connection to the Google Docs server is encrypted using HTTPS, making it difficult to block locally.
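An added example, not from the original post or Symantec's write-up: because the relayed traffic is hidden inside HTTPS to Google, spotting it locally needs logs from a TLS-inspecting proxy, and the code below scans such logs for clients that repeatedly ask the viewer to fetch non-document resources from one host. It assumes the viewer is reached at docs.google.com/viewer with the fetched address in a `url` query parameter; the log format, sample lines, extension list and threshold are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumption (not stated on the page): viewer endpoint and its "url" parameter.
VIEWER_HOST = "docs.google.com"
VIEWER_PATH = "/viewer"
# Constructed allow-list of extensions that look like ordinary document viewing.
DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".ppt", ".pptx", ".xls", ".xlsx", ".rtf")

# Constructed sample: "<client-ip> <full-url>" as a TLS-inspecting proxy might log it.
SAMPLE_LOG = """\
10.0.0.5 https://docs.google.com/viewer?url=https%3A%2F%2Fintranet.example%2Freports%2Fq3.pdf
10.0.0.9 https://docs.google.com/viewer?url=http%3A%2F%2Fhost.invalid%2Fc.php%3Fid%3D17
10.0.0.9 https://docs.google.com/viewer?url=http%3A%2F%2Fhost.invalid%2Fc.php%3Fid%3D18
10.0.0.9 https://docs.google.com/viewer?url=http%3A%2F%2Fhost.invalid%2Fc.php%3Fid%3D19
10.0.0.7 https://www.example.org/index.html
"""

def viewer_target(request_url):
    """Return the URL the viewer was asked to fetch, or None if not a viewer request."""
    parts = urlsplit(request_url)
    if (parts.hostname or "").lower() != VIEWER_HOST:
        return None
    if parts.path.rstrip("/") != VIEWER_PATH:
        return None
    values = parse_qs(parts.query).get("url")  # parse_qs percent-decodes the value
    return values[0] if values else None

def suspicious_clients(log_text, min_hits=3):
    """Flag (client, host) pairs with repeated non-document fetches via the viewer."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue  # skip malformed lines
        client, url = fields
        target = viewer_target(url.strip())
        if target is None:
            continue
        tparts = urlsplit(target)
        if tparts.path.lower().endswith(DOC_EXTENSIONS):
            continue  # ordinary document viewing
        hits[(client, tparts.hostname or "")] += 1
    return sorted(pair for pair, n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    for client, host in suspicious_clients(SAMPLE_LOG):
        print(f"{client} repeatedly relays through the viewer to {host}")
```

Results are leads for triage rather than verdicts, since legitimate viewer use can also point at URLs without a document extension.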

Backdoor.Makadocs appears to primarily target Brazilian users, and arrives as a Microsoft Word document or Rich Text Format (RTF) file that relies on social engineering tactics to infect the machine. Symantec detects the Word & RTF files associated with this attack as Trojan.Dropper.

Should Backdoor.Makadocs manage to find its way onto your PC, it will do as its name suggests and open a backdoor to siphon sensitive information out of your machine.

Keeping Your PC Safe from Makadocs Malware

  • Keep your operating system and installed software fully patched and up-to-date.

  • Always run antivirus software that offers real-time scanning.

  • Do not download files from unsolicited emails or untrusted sources.

  • Do not click suspicious hyperlinks, regardless of how they were shared (email, social network, etc.).
