Latest Makadocs Malware Uses Google Drive Viewer As Proxy to Command and Control Server

Home / News

Latest Makadocs Malware Uses Google Drive Viewer As Proxy to Command and Control Server

By CircleID Reporter
November 19, 2012, 8:12 pm PST Views: 9,715 Add Comment

Security researchers have found a new variant of the Macadocs malware to be using Google docs as a proxy server and not connecting to a command and control (C&C) server directly. In a blog post on Friday, Symantec researcher Takashi Katsuki, wrote:

“Google docs has a function called viewer that retrieves the resources of another URL and displays it. Basically, this functionality allows a user to view a variety of file types in the browser. In violation of Google’s policies, Backdoor.Makadocs uses this function to access its C&C server. It is possible that the malware author has implemented this functionality in an attempt to prevent the direct connection to the C&C;from being discovered. The connection to the Google docs server is encrypted using HTTPS, thereby making it difficult to be blocked locally. It is possible for Google to prevent this connection by using a firewall. “

By CircleID Reporter — CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.
Visit Page

Filed Under

Comments

The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.