Trojan Communicates Via Google Docs

Tuesday, November 20, 2012 @ 03:11 PM gHale


Backdoor.Makadocs is a Trojan that hides in Rich Text Format (RTF) and Microsoft Word documents and injects malicious code via Trojan.Dropper, researchers at Symantec said.

The Trojan uses the Google Docs service’s Viewer feature to communicate with its command-and-control (C&C) server.

The good news is Symantec currently rates the Trojan’s threat level as “very low.”

The security provider said the carrier document appears to primarily target users in Brazil. The malware transfers information such as the infected computer’s host name and operating system. Symantec said the malware has already undergone an update for Microsoft’s newly released Windows 8 and Windows Server 2012 operating systems.

The unusual characteristic of the Trojan is the use of Google Docs: the online service offers a viewer that loads and displays various types of files via URLs. Symantec said Backdoor.Makadocs uses this viewer to contact the Trojan’s C&C server.

This detour keeps the traffic between the infected system and the C&C server from being discovered because, Symantec said, Google Docs connections use encrypted HTTPS and are therefore difficult to block locally. However, the company said Google could prevent misuse of the viewer by implementing a firewall.
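For defenders who can see full request URLs (for example through a TLS-inspecting proxy), the relay pattern described above can be hunted by pulling the target host out of each viewer request and counting repeats per client. The sketch below is an added example, not Symantec's code; the viewer path, the `url` parameter, the log layout, the allowlist, the threshold and every host in the sample are assumptions or constructed values.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

VIEWER_HOST = "docs.google.com"   # assumption: viewer endpoint host, not stated on the page
VIEWER_PATH = "/viewer"           # assumption: viewer path, not stated on the page
ALLOWED_TARGETS = {"intranet.example.com"}  # hypothetical allowlist of document hosts
MIN_HITS = 3                      # hypothetical threshold for "repeated" requests

# Constructed sample proxy log: "<timestamp>\t<client>\t<requested URL>"
SAMPLE_LOG = """\
2012-11-20T10:00:01\t10.0.0.5\thttps://docs.google.com/viewer?url=http%3A%2F%2Fintranet.example.com%2Fq3.pdf
2012-11-20T10:00:07\t10.0.0.9\thttps://docs.google.com/viewer?url=http%3A%2F%2Fc2.example.net%2Fa%3Fh%3DHOST1
2012-11-20T10:05:07\t10.0.0.9\thttps://docs.google.com/viewer?url=http%3A%2F%2Fc2.example.net%2Fa%3Fh%3DHOST1
2012-11-20T10:10:07\t10.0.0.9\thttps://docs.google.com/viewer?url=c2.example.net%2Fa%3Fh%3DHOST1
2012-11-20T10:11:00\t10.0.0.7\thttps://docs.google.com/document/d/abc/edit
2012-11-20T10:12:00\t10.0.0.7\thttps://docs.google.com/viewer?url=http%3A%2F%2Fpapers.example.org%2Fx.pdf
"""

def viewer_target(requested_url):
    """Return the host the viewer was asked to fetch, or None for non-viewer requests."""
    parts = urlsplit(requested_url)
    if parts.hostname != VIEWER_HOST or parts.path != VIEWER_PATH:
        return None
    embedded = parse_qs(parts.query).get("url", [""])[0]  # percent-decoded once
    if not embedded:
        return None
    if "://" not in embedded:
        embedded = "//" + embedded  # scheme-less target: make urlsplit see a host
    return urlsplit(embedded).hostname

def suspicious_clients(log_text):
    """Map (client, target host) to hit count for repeated non-allowlisted viewer fetches."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3:
            continue  # skip malformed lines instead of failing the whole run
        _, client, url = fields
        target = viewer_target(url)
        if target and target not in ALLOWED_TARGETS:
            hits[(client, target)] += 1
    return {pair: n for pair, n in hits.items() if n >= MIN_HITS}

if __name__ == "__main__":
    for (client, target), n in suspicious_clients(SAMPLE_LOG).items():
        print(f"{client} asked the viewer for {target} {n} times")
```

Without URL visibility, as with the plain HTTPS connections the article describes, this check has nothing to parse, so it depends on where the log is collected.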


