Home / News

Latest Makadocs Malware Uses Google Drive Viewer As Proxy to Command and Control Server

Security researchers have found a new variant of the Macadocs malware to be using Google docs as a proxy server and not connecting to a command and control (C&C) server directly. In a blog post on Friday, Symantec researcher Takashi Katsuki, wrote:

"Google docs has a function called viewer that retrieves the resources of another URL and displays it. Basically, this functionality allows a user to view a variety of file types in the browser. In violation of Google's policies, Backdoor.Makadocs uses this function to access its C&C server. It is possible that the malware author has implemented this functionality in an attempt to prevent the direct connection to the C&C;from being discovered. The connection to the Google docs server is encrypted using HTTPS, thereby making it difficult to be blocked locally. It is possible for Google to prevent this connection by using a firewall. "

Related topics: Malware, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

Introducing the Verisign DNS Firewall

TLD Security, Spec 11 and Business Implications

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Afilias

DNS Security

Sponsored by
Afilias
Port25

Email

Sponsored by
Port25