Forgot your password?
typodupeerror
Google Cloud Microsoft Security News

New Malware Variant Uses Google Docs As a Proxy To Phone Home 85

Posted by timothy
from the why-not-use-linkedin-like-all-the-other-spammers dept.
An anonymous reader writes "Windows 8 may block most malware out of the box, but there is still malware out there that thwarts Microsoft's latest and greatest. A new Trojan variant, detected as Backdoor.Makadocs and spread via RTF and Microsoft Word document marked as Trojan.Dropper, has been discovered that not only adds a clause to target Windows 8 and Windows Server 2012, but also uses Google Docs as a proxy server to phone home to its Command & Control (C&C) server."
This discussion has been archived. No new comments can be posted.

New Malware Variant Uses Google Docs As a Proxy To Phone Home

Comments Filter:
  • John Gilmore (Score:5, Interesting)

    by Elgonn (921934) on Sunday November 18, 2012 @03:25AM (#42017513)
    "The malware interprets security as damage and routes around it."
  • Re:Yep. (Score:5, Interesting)

    by jones_supa (887896) on Sunday November 18, 2012 @04:30AM (#42017711)

    Even when Microsoft makes something bulletproof, these tech assholes have to blame a Google problem on Microsoft.

    No.

    It uses a vulnerability in RTF and Word documents to get into the system.

    It only uses Google Docs as a fancy way to phone home.

  • Re:Yep. (Score:4, Interesting)

    by Rockoon (1252108) on Sunday November 18, 2012 @09:09AM (#42018391)

    But spreading via RTF and Word documents? That means this trojan only takes control through a vulnerability (or multiple ones?) in RTF and Word document handling. That would definitely be a Windows 8 problem.

    No, its definitely not a windows 8 problem. Its clearly a problem with the software reading RTF and Word documents. Last I checked, user accounts on all OS's, including Windows, Linux, OS/X, and BSD, could open up a socket and start hitting the network with whatever rights the user has.

    The only place where it is acceptable to not allow networking by default is the land of mobile devices, and only some of them are actually like that.

  • Re:Brilliant (Score:4, Interesting)

    by swillden (191260) <shawn-ds@willden.org> on Sunday November 18, 2012 @12:37PM (#42019575) Homepage Journal

    Because of all the downtime on Google docs, the communication with the C&C server is intermittent and therefore difficult to pinpoint by law enforcement. Security by instability.

    FYI, if you'd like to know how often Google docs (or any other Google Apps service) is unavailable, Google provides an on-line status dashboard [google.com] with both current and historical information going back two months.

    Googling for overall uptime stats shows that in 2010, Apps achieved 99.984% uptime and in 2011 99.9949% uptime, even after changing the methodology to count all downtimes, not just those lasting more than 10 minutes.

After an instrument has been assembled, extra components will be found on the bench.

Working...