New malware leverages Google Docs to evade callback detection: FireEye

26th June 2013 | By Mouseworld Now Correspondent |

New Delhi, India, June 26, 2013: FireEye, Inc., the leader in stopping today’s new breed of cyber attacks, today announced that its research team has recently identified a number of spear phishing campaigns targeting Asia and ASEAN countries. One of the spear phishing documents is suspected to have used a potentially stolen document as a decoy: it carries rich and contextual details (body and metadata) that are not available online, which leads FireEye to believe the document was stolen.

The decoy document mentions Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam, which leads FireEye to suspect that these countries are the targets. Because the decoy is suspected to be a stolen sensitive document, its details will not be published.

This malware was found to use a number of advanced techniques that make it interesting:

  1. The malware leverages Google Docs as a redirector, so that its callback traffic appears to go to Google rather than to the command-and-control server, evading callback detection. The same technique was found in the malware dubbed “Backdoor.Makadocs” reported by Takashi Katsuki (Katsuki, 2012).
  2. It is heavily equipped with a variety of cryptographic functions to perform some of its operations securely.
  3. The malicious DLL is manually loaded into memory rather than through the Windows loader, so it does not appear in the process’s list of loaded modules.
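As an added illustration of how the first technique can be spotted on the wire (this is editor-supplied example code, not FireEye’s analysis and not the malware’s own code): the Google Docs viewer accepts a `url=` parameter naming a document for Google to fetch and render, and Makadocs was reported to abuse it so that the victim host only ever talks to docs.google.com. The script below assumes that mechanism and a constructed four-line proxy log; it flags viewer requests whose fetch target lies outside Google’s own domains, which is the signal a network defender would hunt for.

```python
"""Flag docs.google.com/viewer requests that ask Google to fetch a non-Google URL.

Editor-supplied example. The log format and the viewer ``url=`` parameter are
assumptions; adjust ``viewer_target`` if your proxy logs look different.
"""
from urllib.parse import urlparse, parse_qs

# Constructed proxy log lines (not from the page): timestamp, client, method, URL.
SAMPLE_LOG = """\
2013-06-26T10:01:12Z 10.0.0.15 GET https://docs.google.com/viewer?url=https%3A%2F%2Fdrive.google.com%2Ffile%2Fd%2Fabc%2Fview
2013-06-26T10:02:44Z 10.0.0.15 GET https://docs.google.com/viewer?url=http%3A%2F%2Fupdate-cdn.example.net%2Fcheck.php%3Fid%3D42
2013-06-26T10:03:01Z 10.0.0.22 GET https://docs.google.com/document/d/1xyz/edit
2013-06-26T10:05:19Z 10.0.0.15 GET https://docs.google.com/viewer?url=http%3A%2F%2F203.0.113.7%2Fgate.php
"""

# Domains whose traffic is expected when a user genuinely opens a Google document.
GOOGLE_DOMAINS = ("google.com", "googleusercontent.com", "gstatic.com")


def is_google_host(host):
    """True for a Google domain or any of its subdomains (suffix match on a dot boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in GOOGLE_DOMAINS)


def viewer_target(url):
    """Return the URL a Google Docs viewer request asks Google to fetch, or None.

    Only the ``/viewer`` path with a ``url=`` parameter is handled (assumption).
    """
    p = urlparse(url)
    if not is_google_host(p.netloc) or not p.path.startswith("/viewer"):
        return None
    targets = parse_qs(p.query).get("url")
    return targets[0] if targets else None  # parse_qs already percent-decodes


def find_viewer_redirects(log_text):
    """Return records for viewer requests whose fetch target is outside Google.

    A benign user viewing a Drive file produces a Google target; a backdoor using
    the viewer as a redirector produces a target on attacker infrastructure.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line; skip rather than crash
        ts, client, _method, url = parts[:4]
        target = viewer_target(url)
        if target is None:
            continue
        t = urlparse(target)
        if t.scheme in ("http", "https") and not is_google_host(t.netloc):
            hits.append({"ts": ts, "client": client, "host": t.netloc, "target": target})
    return hits


if __name__ == "__main__":
    for hit in find_viewer_redirects(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> viewer fetch of {hit['target']}")
```

On the constructed log this reports two hits from 10.0.0.15 (update-cdn.example.net and 203.0.113.7) and ignores the Drive file and the ordinary document edit. The check is deliberately on the fetch target’s host rather than on docs.google.com itself, because blocking Google Docs outright is rarely acceptable; a bare IP or a freshly registered domain as the target is what merits a closer look.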

Malware of this kind is becoming more contextually advanced: it attempts to look as much as possible like legitimate software or documents, and here a potentially stolen document was used as the decoy to increase its credibility. It is also a sign that compromised organizations could be used as soft targets from which to compromise their business partners and allies.

It is important for any organization to stop a malware infection at the very beginning, the exploitation phase. Once a network is compromised, such threats become increasingly hard to detect, and anti-incident-response and anti-forensic techniques are increasingly used to evade detection. Identifying all of these advanced techniques requires a keen eye for detail and a wealth of experience.

© Mouseworld Now News Service
