Hackers hijack TeamViewer application to gain remote access

17 January 2011

Anti-virus specialist ESET is reporting that TeamViewer v5.0 is being hijacked to gain remote access to users' computers without their permission.

According to David Harley, ESET's senior research fellow, a Russian colleague uncovered the problem when examining sample code from Group-IB, the forensic investigation specialist.

Harley reports that TeamViewer was used in an incident related to the theft of money from a major Russian company.

The dropper, he explained, installs a backdoor in %WINDIR% and runs as a server in console mode. A component of TeamViewer is then modified in order to inject code into tv.dll, communicating through the administrative control panel.

"While there's no indication that this is in any way connected with the support scams I've blogged about, it's disquieting but not surprising to see widely-used remote access tools misused for criminal purposes", he said in his security blog.

The command set used in the botnet includes instructions to start a command shell to make use of the compromised machine, to toggle monitoring, to exit Windows and/or power down, and to remove all traces of the bot.

It's important to note that TeamViewer is not itself susceptible to the attack; rather, its code is merely being tapped by the hackers in developing the fraud, Infosecurity notes.
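As an added illustration (not code from ESET, Group-IB or Infosecurity), the example below triages a module-load inventory for the pattern described above: a tv.dll that sits under %WINDIR% or outside the product's install directory, or whose hash differs from a vetted build. The inventory format, host names, install directories and hash placeholders are constructed assumptions; the article does not say where the modified tv.dll is placed, so the %WINDIR% check assumes it lands alongside the backdoor.

```python
import csv, io, ntpath

# Constructed inventory: host, process image, loaded module, SHA-256 (placeholders).
SAMPLE = r"""host,image,module,sha256
WS-01,C:\Program Files\TeamViewer\Version5\TeamViewer.exe,C:\Program Files\TeamViewer\Version5\tv.dll,KNOWN_GOOD_PLACEHOLDER
WS-02,C:\WINDOWS\svc_example.exe,C:\WINDOWS\tv.dll,UNKNOWN_PLACEHOLDER_1
WS-03,C:\Program Files\TeamViewer\Version5\TeamViewer.exe,C:\Program Files\TeamViewer\Version5\tv.dll,UNKNOWN_PLACEHOLDER_2
WS-04,C:\Users\a\app.exe,C:\Program Files\TeamViewer\..\..\Windows\Temp\TV.DLL,KNOWN_GOOD_PLACEHOLDER
WS-05,C:\WINDOWS\explorer.exe,C:\WINDOWS\system32\kernel32.dll,OTHER_PLACEHOLDER
"""

WATCHED = {"tv.dll"}                      # module name taken from the article
WINDIR = r"C:\Windows"                    # assumed expansion of %WINDIR%
EXPECTED_DIRS = [r"C:\Program Files\TeamViewer",        # assumed install roots
                 r"C:\Program Files (x86)\TeamViewer"]
KNOWN_GOOD = {"KNOWN_GOOD_PLACEHOLDER"}   # fill with hashes of your vetted build


def under(path, root):
    """True if path lies inside root after collapsing '..' and folding case."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")


def triage(inventory_csv):
    """Return (host, module, reasons) for each suspicious watched module."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        module = row["module"]
        if ntpath.basename(module).lower() not in WATCHED:
            continue
        reasons = []
        if under(module, WINDIR):
            reasons.append("module under %WINDIR%")
        elif not any(under(module, d) for d in EXPECTED_DIRS):
            reasons.append("module outside expected install directory")
        if row["sha256"] not in KNOWN_GOOD:
            reasons.append("hash not in known-good set")
        if reasons:
            findings.append((row["host"], ntpath.normpath(module), reasons))
    return findings


if __name__ == "__main__":
    for host, module, reasons in triage(SAMPLE):
        print(host, module, "; ".join(reasons))
```

Paths are normalised before comparison, so a module reached through `..` segments or different letter case is still matched against the right directory.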

It's also worth noting that other remote control applications could – in theory, at least – be tapped in a similar fashion to gain unauthorised access to a user's computer.

As one reader of Harley's weekend security blog noted, remote access software is very useful in the right context, but the trick is to be aware of when it is being misused.

There may be an argument, Infosecurity notes, to only enable remote access to a computer when you are away from the terminal, and not when you are in the office.
