New Windows Malware Exploits Google Docs

A new type of malware targeting Microsoft's new Windows 8 operating system (OS) reportedly uses Google Docs to carry out its attacks on unsuspecting users.

According to a report from security firm Symantec (which discussed the issue in one of its recent Security Response blogs), a Trojan horse known as Backdoor.Makadocs is targeting Windows 8 users.

Malware Disguises Itself; Tricks Users

Here's how it works, according to Symantec: the malware exploits a vulnerability in the Google Docs program called "Viewer."

Apparently the malware masks itself as a Rich Text Format (RTF) or Microsoft Word (DOC) document. This allows it to trick users into opening the malicious file.

In addition, Symantec says, a unique encryption strategy is allowing the malware to bypass Google Docs' security methods, and also prevent users from detecting the malware's activity.

In effect, the malicious file uses Google Docs as a 'proxy server' to bypass Google's usual defense systems.

Symantec software engineer Takashi Katsuki believes that Google could stop this malware exploitation by introducing a firewall feature. Google says it is currently investigating the problem and will "take action when we become aware of abuse."

In a statement, the search giant warned that "using any Google product to conduct this kind of activity is a violation of our product policies." (Source: threatpost.com)

Earlier Versions of Windows Also Vulnerable

Some reports indicate that Windows 8 is just one of the Microsoft operating systems vulnerable to this exploit. The Hot Hardware blog has suggested the problem affects all versions of Windows, all the way back to Windows 95. (Source: hothardware.com)

Windows Server 2003, 2008, and 2012 are also reportedly open to this security hazard.

Right now it appears this Trojan malware is primarily affecting Brazilian users. However, it's entirely possible the infections will soon spread to other parts of the world.

Security experts are warning all Internet users to avoid opening any suspicious documents, particularly those from unknown sources. (Source: hothardware.com)
