
Hackers hijack TeamViewer application to gain remote access

17 January 2011

Anti-virus specialist ESET is reporting that TeamViewer v5.0 is being hijacked to gain remote access to users' computers without their permission.

According to David Harley, ESET's senior research fellow, a Russian colleague uncovered the problem when examining sample code from Group-IB, the forensic investigation specialist.

Harley reports that TeamViewer was used in an incident related to the theft of money from a major Russian company.

The dropper, he explained, installs a backdoor in %WINDIR% and runs as a server in console mode. A component of TeamViewer is then modified in order to inject code into tv.dll, communicating through the administrative control panel.

"While there's no indication that this is in any way connected with the support scams I've blogged about, it's disquieting but not surprising to see widely-used remote access tools misused for criminal purposes", he said in his security blog.

The command set used in the botnet includes instructions to start a command shell to make use of the compromised machine, to toggle monitoring, to exit Windows and/or power down, and to remove all traces of the bot.

It's important to note that TeamViewer is not itself susceptible to the attack; rather, its code is being tapped by the hackers in developing the fraud, Infosecurity notes.

It's also worth noting that other remote control applications could – in theory, at least – be tapped in a similar fashion to gain unauthorised access to a user's computer.

As one reader of Harley's weekend security blog noted, remote access software is very useful in the right context, but the trick is to be aware of when it is being misused.

There may be an argument, Infosecurity notes, to only enable remote access to a computer when you are away from the terminal, and not when you are in the office.
