Stealthy malware uses Gmail drafts to steal data

Petrovic

Apr 25, 2013
A new strain of malware that uses Gmail drafts in an invisible Internet Explorer window has been discovered. According to Network World, the malware uses the drafts folder as “the command and control to steal data.”

Because webmail solutions including Gmail are often allowed on corporate machines, the malware could potentially act on company networks without being spotted using “hundreds of different email accounts with names that are very similar to those of real users.”

Speaking to Wired, Wade Williamson, one of the researchers who discovered the malware, explained that its stealthy nature makes it tricky to spot: “What we’re seeing here is command and control that’s using a fully allowed service, and that makes it superstealthy and very hard to identify. It’s stealthily passing messages back and forth without even having to press send. You never see the bullet fired.”

BGR explains that the process takes advantage of an Internet Explorer window invisible to the user – the kind which Windows allows to run in the background to query web pages for information. Once infected, the hidden Internet Explorer window opens up the anonymous Gmail account on the computer, and then uses a Python script to collect commands and code that the hacker enters into the draft field. The malware acknowledges this in the same draft folder, along with data it has been instructed to collect from the victim’s network. All of this communication is encoded, making it hard to spot.

A Google spokesperson told Wired that its “systems actively track malicious and programmatic usage of Gmail” and that the company quickly removes abusive accounts.
 
Reactions: dvault
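A detection sketch for the behaviour described in the post, added here as an example and not taken from the article or the researchers: it joins endpoint process telemetry with proxy logs to find browser processes that never showed a window yet kept contacting webmail. The record schema, host names, PIDs and timestamps are constructed and hypothetical.

```python
from collections import defaultdict
from datetime import datetime

WEBMAIL_DOMAINS = {"mail.google.com"}   # extend with other allowed webmail services
BROWSER_IMAGES = {"iexplore.exe"}

# Constructed sample telemetry (hypothetical schema, not a real product's format).
PROCESS_EVENTS = [
    {"host": "ws-014", "pid": 4120, "image": "iexplore.exe", "visible_window": True},
    {"host": "ws-022", "pid": 2288, "image": "iexplore.exe", "visible_window": False},
    {"host": "ws-031", "pid": 912, "image": "iexplore.exe", "visible_window": False},
]
PROXY_EVENTS = [  # (timestamp, host, pid, destination domain)
    ("2024-01-15T09:00:05", "ws-014", 4120, "mail.google.com"),
    ("2024-01-15T09:02:00", "ws-014", 4120, "mail.google.com"),
    ("2024-01-15T09:04:30", "ws-014", 4120, "mail.google.com"),
    ("2024-01-15T09:00:10", "ws-022", 2288, "mail.google.com"),
    ("2024-01-15T09:05:10", "ws-022", 2288, "mail.google.com"),
    ("2024-01-15T09:10:10", "ws-022", 2288, "mail.google.com"),
    ("2024-01-15T09:15:10", "ws-022", 2288, "mail.google.com"),
    ("2024-01-15T09:01:00", "ws-031", 912, "intranet.example.com"),
    ("2024-01-15T09:03:00", "ws-031", 912, "mail.google.com"),
]

def find_hidden_webmail_sessions(process_events, proxy_events, min_hits=3):
    """Return browser processes with no visible window that contacted webmail
    at least min_hits times."""
    hidden = {
        (e["host"], e["pid"])
        for e in process_events
        if e["image"].lower() in BROWSER_IMAGES and not e["visible_window"]
    }
    hits = defaultdict(list)
    for ts, host, pid, domain in proxy_events:
        if (host, pid) in hidden and domain.lower() in WEBMAIL_DOMAINS:
            hits[(host, pid)].append(datetime.fromisoformat(ts))
    findings = []
    for (host, pid), times in sorted(hits.items()):
        if len(times) >= min_hits:
            times.sort()
            span = int((times[-1] - times[0]).total_seconds())
            findings.append({"host": host, "pid": pid,
                             "requests": len(times), "span_seconds": span})
    return findings

if __name__ == "__main__":
    for finding in find_hidden_webmail_sessions(PROCESS_EVENTS, PROXY_EVENTS):
        print(finding)
```

A visible browser session to the same webmail domain (ws-014) and a hidden window that touches webmail only once (ws-031) both stay below the threshold, which keeps ordinary user webmail out of the results.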