Security

Malware aimed at Windows 8, uses Google Docs as a proxy server

Virus receives commands from the C & C server and collects information from infected systems.

Symantec has detected malware Backdoor.Makadocs, which focuses on computers running on Windows 8 and Windows Server 2012. Virus receives commands from the C & C server and collects information about infected computers.

Symantec experts say that backdoor Backdoor.Makadocs also endowed with a unique feature, because it does not connect to C & C server directly, and uses for the Google Docs as a proxy server.

Note that Google Docs Viewer was originally created to display the different types of files from a remote URL-address directly in the operating window Google Docs. In violation of the security policies of Google Backdoor.Makadocs uses this function to access the command server. Since the connection to the server is encrypted with Google Docs over HTTPS, the presence of the backdoor is very difficult to find locally.

Backdoor disguises itself under the file in Rich Text Format (. RTF) document or Microsoft Word (. DOC).

To carry out its malicious activity backdoor uses social engineering methods. In most cases, the victims of the virus are Brazilian users.

Tagged ,